<?php // Challenge: Let's try to leak `session_id()` value by abusing HTML tag injection found in the middle of this page. // More specifically, the task for you is to create a cross-origin web page that injects some tags to this page by framing and determine the value of `session_id()`. // There's no crawler like usual CTFs, so you should try your PoC(s) in your browser. // // Hint 1: You can inject <style> tags with the tag injection. // Hint 2: You can construct a style which leaks the first character of `session_id()` easily as explained by the presentation slide. // Hint 3: You can interact with a server which receives the leakage, from the web page you created.