In this paper i will give you few hints for the level
First , we need to log in in order to get more options.
There are two ways at all: register like a normal user
(and give us 50$) or get access into other account...
Lets try to register (click on register), we get an error
'incorrect code'- XSS? good.
This is not enough for us , we need to find a way to send
the link to someone in order to get his cookies. We dont
know which members surf in this site (and we dont really
care), so how we can publish our link to all users? (take
your time for this question , check out the site).
Note: You dont need to build full cookie stealer , the site
checks that you can insert <script> and give you what
**If you find yourself against super protect , you are on
the right way.
After you found the account , you have the texts page and
the upload page. Find the right password for u****d8.asp,
in the source!
i mean the real source , not the html one...
****If you find yourself again against super protect , you
are on the right way (break the protection).
good luck ,