# 1122: Secure Vault

| Name                                                                       | Authors                            | Category             |
| -------------------------------------------------------------------------- | ---------------------------------- | -------------------- |
| [Intigriti November Challenge (2022)](https://challenge-1122.intigriti.io) | [H4R3L](https://twitter.com/H4R3L) | XSS, Cache poisoning |

## Video Walkthrough

[![Cache Poisoning? - Solution to November '22 XSS Challenge](https://img.youtube.com/vi/nY7HT1lNHwQ/0.jpg)](https://www.youtube.com/watch?v=nY7HT1lNHwQ)

## Challenge Description

> Find a way to execute arbitrary javascript on the iFramed page and win Intigriti swag.

## Useful Resources

* [XSS cheatsheet](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)
* [Cache poisoning](https://owasp.org/www-community/attacks/Cache_Poisoning)
* [Abusing URL parser confusions (bug bounty writeup from challenge creator)](https://nokline.github.io/bugbounty/2022/09/02/Glassdoor-Cache-Poisoning.html)

## Community Writeups

1. [0xgodson](https://gist.github.com/0xGodson/2ba1ca9d52aa4621794600b4d4a301de)
2. [sudistark](https://github.com/Sudistark/CTF-Writeups/blob/main/Intigriti-XSS-Challenges/2022/Dec.md)