Challenges do NOT require any bruteforcing/directory fuzzing/massive amounts of traffic unless clearly specified in the challenge information below.
Note For this challenge you will need an account on https://www.bugbountytraining.com/FFH/
Thanks again for everyone helping us test our site and let us know where we are making mistakes. We've started patching some bugs but we'd love your help to know if we have fixed the bug enabling XSS in the name and if it's all done correctly.
Login to your account on https://www.bugbountytraining.com/FFH/
You are ONLY testing on newsettings.php for this challenge!
- Find any issues with how it works, let us know! :)