re: Hacker101 CTF - Micro-CMS v1


Flag 3 has another approach.
You don't need to add that "flag" parameter.
You only have to use another way to inject JavaScript in the code but with a script-tag.

For example, I added an image and a new image tag in an edited page, and added an alert in onclick. That solved this 3rd flag. For you, the solution was only the onclick in your button. ;)

