> For the complete documentation index, see [llms.txt](https://bugology.intigriti.io/intigriti-monthly-challenges/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://bugology.intigriti.io/intigriti-monthly-challenges/1121.md).

# 1121: OWASP Top 10

| Name                                                                       | Authors                                    | Category       |
| -------------------------------------------------------------------------- | ------------------------------------------ | -------------- |
| [Intigriti November Challenge (2021)](https://challenge-1121.intigriti.io) | [IvarsVids](https://twitter.com/IvarsVids) | XSS, CSP, CSTI |

## Video Walkthrough

[![Client side template injection (CSTI) - November XSS Challenge Writeup](https://img.youtube.com/vi/-_7uL7l0qZk/0.jpg)](https://www.youtube.com/watch?v=-_7uL7l0qZk)

## Challenge Description

> Find a way to execute arbitrary javascript on the challenge page and win Intigriti swag.

## Useful Resources

* [XSS cheatsheet](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)
* [CSP evaluator](https://csp-evaluator.withgoogle.com)
* [CSTI](https://portswigger.net/kb/issues/00200308_client-side-template-injection)

## Community Writeups

1. [therealbrenu](https://dev.to/therealbrenu/intigriti-1121-xss-challenge-writeup-23mj)
2. [fernale](https://fernale.blogspot.com/2021/11/intigriti-xss-challenge-1121.html)
3. [mentats](https://blog.hacktivesecurity.com/index.php/2021/11/22/intigriti-november-xss-challenge)
4. [davwwwx](https://blog.xss.am/2021/11/vuejs-script-gadget-intigriti)
5. [jorge\_ctf](https://gist.github.com/jorgectf/a448e5be7a6f1f75adb8155052e6f3b5)
6. [nill](https://gist.github.com/jakecoffman/3e8a942e0a6277dc7fff81c866858a52)
7. [huli](https://hackmd.io/u_WB44H_RSGHfzegUMfYCw?view)
8. [drleek](https://medium.com/@pr0fessor/intigritis-november-xss-challenge-writeup-hacking-with-maths-and-vuejs-by-pr0fessor-d6f02902057)
9. [chocologicall](https://limerencee.github.io/intigriti-xss-challenges/2021/Nov/writeup.html)
