top | item 23083431

(no title)

Quite a few "people" have solved it it looks like, and it's riddled with persisted XSS attacks once you get past it.

Here's the returned response when you succeed: https://hasteb.in/iyifapud.html

I found the "man" category to be the easiest to pretend to be a bot on.

discuss

My understanding of persisted XSS attacks is that it's not that the site is malicious, but that it had security holes, so other people who got through the captcha uploaded malicious scripts. Now the site is serving them unawares. Does that sound right?

ollien|5 years ago

Correct. If it were malicious on the part of the site, they could just send you that javascript anyway.