"Sandbox-iframe XSS challenge solution" by joaxcar

Other

"This is a writeup describing the solution to a small XSS challenge I posted on Twitter in May 2024" by Johan Carlsson. The challange page https://sandbox-iframe-ctf.glitch.me allows for arbitrary HTML in the search parameter xss as a Base64 encoded string. The HTML will be put inside a sandboxed iframe on the same page. The page will also add a flag to the hash portion of the URL upon visiting the site. The mission was to leak this flag in the hash and show the value in an alert box.

https://joaxcar.com/blog/2024/05/16/sandbox-iframe-xss-challenge-solution/