# 1222: Christmas Blog

| Name                                                                       | Authors                                | Category |
| -------------------------------------------------------------------------- | -------------------------------------- | -------- |
| [Intigriti December Challenge (2022)](https://challenge-1222.intigriti.io) | [fh4ntke](https://twitter.com/fh4ntke) | XSS, CSP |

## Video Walkthrough

[![Self-XSS upgrade? - Solution to December '22 XSS Challenge](https://img.youtube.com/vi/FowbZ8IlU7o/0.jpg)](https://www.youtube.com/watch?v=FowbZ8IlU7o)

## Challenge Description

> Find a way to execute arbitrary javascript on the iFramed page and win Intigriti swag.

## Useful Resources

* [XSS cheatsheet](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)
* [DOM clobbering](https://portswigger.net/web-security/dom-based/dom-clobbering)
* [CSP evaluator](https://csp-evaluator.withgoogle.com)

## Community Writeups

1. [fariskhi](https://gist.github.com/farisv/81ee999b8bbe579b5648330916752f6f)
2. [effectrenan](https://blog.effectrenan.com/intigriti-december-xss-challenge-1222)
3. [jorenverheyen](https://jorenverheyen.github.io/intigriti-december-2022.html)
4. [joaxcar](https://blog.joaxcar.com/writeups/2023/01/02/intigriti-december-xss-challenge)