Challenges do NOT require any bruteforcing/directory fuzzing/massive amounts of traffic unless clearly specified in the challenge information below.
This one is pretty simple. One parameter is vulnerable, ?url=. Can you get XSS to execute?
Important: We can see you don't have a valid submission to this challenge yet. Be warned you may ruin the challenge by viewing the solutionShow Solution