creator Intigriti's November XSS challenge
By H4R3L

Find a way to execute arbitrary javascript on the iFramed page and win Intigriti swag.

  • This challenge runs from the 28th of November until the 4th of December, 11:59 PM CET.
  • Out of all correct submissions, we will draw six winners on Monday, the 5th of December:
    • Three randomly drawn correct submissions
    • Three best write-ups
  • Every winner gets a €50 swag voucher for our swag shop
  • The winners will be announced on our Twitter profile.
  • For every 100 likes, we'll add a tip to announcement tweet.
  • Join our Discord to discuss the challenge!
The solution...
  • Should steal the flag from the admin user. The admin user has a note with more info on the flag.
  • The flag format is INTIGRITI{.*}.
  • Should NOT use another challenge on the domain.
  • Should be reported at
Test your payloads down below and on the challenge page here! Think you have the right solution? Send your payload to "" to have an admin check it immediately! Do not spam this endpoint. Doing so will result in a ban.

Let's pop that alert!