hi, i'm doing the challenge, i can log as admin(i cracked the hash) but i still not pass it, i think because i have to get into the panel. also i cant see the message of a user at comm center that says he found a bug and yesterday i could. but i made this post because i can inject javascript and other interesting html stuff in that page, but i dont know if the admin check the site and how, if its a user or a script(i would like to know which to exploit it) and i would like to know it
If I remember it correctly, you don't have to wait for an admin to visit the site. You have to do as if one would come and if you do it properly, it will answer back to you.