Challenge One: Strange XSS
Sat Nov 15 18:36:29 UTC 2025
The following challenge page frames an inner.html page that is vulnerable to XSS. Frame the inner.html page from an attacker page and get JavaScript execution inside of it. Try not to share solutions too publicly. In one week, a writeup will be published and a second challenge will be released. A week after that a writeup for the second challenge will be released, as well as a writeup on a vulnerability in an open source library that uses the relevant ideas here to achieve XSS.
Special thanks to @xssdoctor and @J0R1AN for beta testing and finding unintended solutions.
Other Articles
Abbreviated Reproduction of CVE-2025-55315 (Critical 9.9 ASP.NET Kestrel HTTP Request and Response Smuggling)
From Component to Compromised: XSS via React createElement
Following The JSON Path: A Road Paved in RCE
New DOM XSS in Old Swagger UI v2.2.8
DOM XSS in CyberChef: Traversing Multiple Execution Contexts
Weaponizing Chrome CVE-2023-2033 for RCE in Electron: Some Assembly Required
Burster Shell: Spawn Children of Arbitrary Processes
Discovering RCE in Repository Onboarding Code
Byte Macro: Implementing an Obscure Telnet Option
Multicall Binary Packer
Using Discord Desktop for Backdoor Persistence
Invisible Javascript Malware
Custom Blog CMS