# 1022: Secure Notes

| Name                                                                      | Authors                                   | Category                                                         |
| ------------------------------------------------------------------------- | ----------------------------------------- | ---------------------------------------------------------------- |
| [Intigriti October Challenge (2022)](https://challenge-1022.intigriti.io) | [0xGodson](https://twitter.com/0xGodson_) | XSS, CSRF, Markup Injection, Prototype Pollution, Cookie Tossing |

## Video Walkthrough

[![CSRF/Markup Injection/Prototype Pollution/SOME/Cookie Toss?! Solution to October '22 XSS Challenge](https://img.youtube.com/vi/EZfPrgrV5p4/0.jpg)](https://www.youtube.com/watch?v=EZfPrgrV5p4)

## Challenge Description

> Find a way to execute arbitrary javascript on the iFramed page and win Intigriti swag.

## Useful Resources

* [XSS cheatsheet](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)
* [CSRF](https://portswigger.net/web-security/csrf)
* [Markup injection](https://portswigger.net/web-security/cross-site-scripting/dangling-markup)
* [Prototype pollution](https://portswigger.net/web-security/prototype-pollution)
* [Cookie tossing](https://www.youtube.com/watch?v=njQcVWPB1is)