This will be solution for Level 7 Practical Web Hacking CTF #2.
The objective is to inset a html tag with our name in it, for that we need to see some details about the implementation.
After close inspection of the url we noticed that a script uses the window.location.href, this lead to the idea that some of that information might be sent to server, for later use, in the attempt to verify this i noticed that a hidden input field with the value of arguments sent in the query string.
- break\ end the hidden tag.
- Create tag with the required string.
- Enjoy level 8 :)