Level 2 - Persistence is key

Hints

1. Note that the "welcome" post contains HTML, which indicates that the template doesn't escape the contents of status messages.

2. Entering a <script> tag on this level will not work. Try an element with a JavaScript attribute instead.

3. This level is sponsored by the letters i, m and g and the attribute onerror.

Exploitation

Payload

Since we cannot use <script> tags, we have to craft a basic payload using <img> tags.

<img src=1 onerror=alert(1)>