To complete this mission you will need to understand XSS (Cross-site scripting). I will be posting an extensive overview along with some good sites to reference for XSS.

To summarize quickly, Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allows code injection by malicious web users into the web pages viewed by other users.

For this mission you want to utilize XSS in order to get m-crap’s login information so you can pay r-conner.

The first thing to realize is that when you log in as r-conner, the site gives you some cookies. These cookies have your username and password in them. The trick is to get m-crap’s cookies. To do this you have to utilize the send message feature and send m-crap some XSS.

The idea is that when m-crap looks at his mail message, the message will send you his cookies. However, if you notice, the cookie is being sent to:

This means that cookie.php needs to take the cookie and send it to you. Here is the PHP code:

This code will send m-crap’s cookie information to your e-mail address. Note that the mission does not require this PHP page; however, it is useful to understand the complete process.

In the message you should receive the following:

You can use Firefox with a cookie editor add-on to edit the cookies. The cookies should match the ones above. Now that you are impersonating m-crap you can go and pay r-conner.
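As an added example (not part of the original walkthrough and not the mission site's code), here are the two server-side defences that break the chain described above: encoding message text on output, and keeping credentials out of cookies. The function names, the `sid` cookie name and the in-memory session store are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not code from the mission site.
const crypto = require("crypto");

// 1. Encode user-supplied message text before placing it in HTML, so markup
//    in a message is displayed as text instead of being executed.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

function renderMessage(sender, body) {
  return `<div class="msg"><b>${escapeHtml(sender)}</b><p>${escapeHtml(body)}</p></div>`;
}

// 2. Keep credentials out of cookies. The cookie carries only a random
//    session id; the username lives in a server-side store (a Map here).
const sessions = new Map();
function createSession(username) {
  const id = crypto.randomBytes(32).toString("hex");
  sessions.set(id, { username, created: Date.now() });
  // HttpOnly hides the cookie from document.cookie; Secure and SameSite
  // restrict where the browser will send it.
  return `sid=${id}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Resolve a request's Cookie header to a username, or null if the
// session id is missing, malformed or unknown.
function userFromCookieHeader(cookieHeader) {
  const match = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader || "");
  const session = match && sessions.get(match[1]);
  return session ? session.username : null;
}

// Constructed sample input: a message body containing markup.
const sampleBody = '<script>alert("x")</script>';
const html = renderMessage("r-conner", sampleBody);
const setCookie = createSession("m-crap");
console.log(html);
console.log(setCookie);
```

With both in place, a message cannot run script in the reader's browser, and even a script that did run could neither read the cookie nor find a username or password in it.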

The mission is not over though. r-conner thanks you but tells you to remove your activity by using the subscribe to mailing list page. In the source code of this page you notice it is writing to

You examine the files folder and notice there is a logs directory with a logs.txt file inside.

So you need to go back to the mailing list page and edit the headers sent to the page and the hidden field

This will put the e-mail address you just typed into the logs.txt file.

If you are wondering how to modify the headers, use Firefox and an add-on. I like Tamper Data.

I’ll be writing more on XSS and HTTP headers some time later on; stay tuned.