Our challenges do NOT require any bruteforcing/directory fuzzing/massive amounts of traffic. Please practise hacking on our challenges manually.
Failure to abide by the rules will put you at risk of being restricted from using our free challenges.
This strict URL filter should prevent XSS, right?
This one is pretty simple. One parameter is vulnerable,
?url=. Can you get XSS to execute?