Challenges do NOT require any bruteforcing/directory fuzzing/massive amounts of traffic unless clearly specified in the challenge information below.
This challenge was inspired (and reproduced exactly) by a real-life XSS I've recently exploited in a private bug bounty program. It requires some out of the box thinking, it's not an easy challenge. The goal of this challenge is to alert using Google Chrome or Firefox.
Finished the challenge? Submit your answer