XSS4
Here is the code for displaying messages. Your goal is to perform an XSS injection with alert(1) (Note: exactly alert(1), not alert('1'), not alert('taco'), not anything else) on this page.
if(isset($_POST['message']) and isset($_POST['title'])){ $title = strip_tags($_POST['title']); $message = strip_tags($_POST['message']); $user = strip_tags($_SESSION['username']); echo "<div style='border:solid silver 2px; width:400px;' title='$title'>Message by $user: $message</div>"; }Note: This challenge has a hard-coded set of accepted answers.
You must be logged in order to submit an answer.
Challenge by ynori7.