Some hints about the injection.

SecureUs

lobsang.esteban
9 years ago

0

Hi, I have been trying to bypass the filter, which is encoding the output.
I have tried to encode the input in hex, but the output is still being encoded.

Can someone give me some hints without making a spoiler?

thx

BTW also tried with the cheat sheet from ha.ckers.org but I had no success.

14 replies
7 voices
397 views
Mugi [Mugiwara27]
9 years ago

0

I think you don’t understand how to do it.
Did you ever try to look at the source code after your injection?

Reply has been removed
lobsang.esteban
9 years ago

0

Hi Mugiwara27,
I am trying to test first with an alert, then when I see the code, this is what I get:

<li class="list-group-item"><a href='?view=3'><script>alert('XSS')</sc

but it is not being executed.
Well, I will try to close the DIVs.

Mugi [Mugiwara27]
9 years ago

0

Yeah, you have not yet realized how to do it. Keep searching for how to do it.

lobsang.esteban
9 years ago

0

Hi, I could inject this:

<a onclick=alert(1)>text</a>

but the space is too short to inject something good.

So that is my question:
Am I injecting at the right entry point of the application?
Or should I look for another entry point to inject?

thx

Reply has been removed
Mugi [Mugiwara27]
9 years ago

1

You have understood that you have to inject something.
But the thing you don’t understand is the most interesting thing about the level.
So what you have here:
You have to inject some JavaScript code
You know where to inject it
You have understood there is a limit on the injection place

Now you have to ask yourself the right questions:
How to make a good injection work?
How to break that limit?
What is the number of the character limit?

Think about that and you’ll find how to do it

RangotheUnicorn
8 years ago | edited 8 years ago

0

Hello !
I’ve found the answer to the limit,

I have an idea to write through the limit, (I don’t know if it is really a spoiler xD)

damn, I feel like an overranked noob!

Edit
“HUGE SPOILER” DELETED //according to guys who did it but i didnt ! xD


0

I’d consider that a huge spoiler.

Mugi [Mugiwara27]
8 years ago

0

Huge spoil mate, delete it asap

RangotheUnicorn
8 years ago | edited 8 years ago

0

but I need more hints …
I’m stuck there, CRAZY… and my real work is beginning to be impacted by my craziness!
So I’m trying hard to make it without XSS, I want the guy to POST (YES, POST IT ON HIS OWN WEBSITE IN FRONT OF HIM xD)
I know this is not really sneaky, but I don’t like XSS, which is a bit sneaky but there would be “proof” of the steal on another site… I dislike…
anyway, don’t mind my reasons, I’d like to not do XSS!
I’m learning a lot, so my craziness about this level isn’t useless (HEHE, I now know what XSS means xD)…
but there I neeeed you guys, am I trying to do a useless thing? Is it possible?
to finish my try, I just need to learn more about this “post” “submit” mechanism, I don’t really see it … clearly ….

it is a “post” and not a “GET”, so I can’t do anything like this?
“contact.php?message=thethingiwantinthenewmessagevalue”
…probably not so
and how could I do a “submit.onload” or something like this …

if the expert is not stupid he would probably delete it, but I dunno why he didn’t delete my first test, so he is dumb or “scripted”…

bkth
8 years ago

0

I am not even sure what you mean, what are you trying to do without xss?

dloser
8 years ago

0

Yes, it is very clear from your rambling that you have gone crazy. What you want to do is still XSS, but I’m pretty sure that for this specific challenge it is not possible. Besides, why make things complicated if you don’t fully control the basics yet?

RangotheUnicorn
8 years ago | edited 8 years ago

0

I’d like to use contact.php to remember the wanted biscuit of the logged-in guy who passes there, by posting a “contact message” with the biscuit inside ….

(mmmh …. perhaps I see only messages coming from my IP … for real, it’s true because I have a “hackthis cookie”
but that’s unfair if it is virtually true because the site “secure,us” gives me no cookie to do it! …
and if I only see “my message”, well, I will not see the “unwanted” post from admin with his biscuit inside…)

anyway, I have to learn more about the POST mechanism … that’s what I miss for CAPTCHA too …

dloser: I always run before I walk …

Moreover, this challenge is an idea to do “my way” and I’m too lazy to create an account to host my PHP recipe =_=

bkth
8 years ago

0

As @dloser said, it seems that you have not fully mastered the basics and you want to do something which is 1) a lot more complex than what is required and 2) does not seem to be at all useful

RangotheUnicorn
8 years ago

0

Let’s think how they want me to think, so ^^
I will work for it and one day “I’LL BE BACK FROM FRANCE!” ;)
