There are four flag
First Flag
Select Edit this page
and then modify the path
http://35.196.135.216/4c30365280/page/edit/8 '
(the SQL injection type)
and submit
The second Flag
XSS attacks (that is, the user can change the content of submitted api meaning)
as editor
and select save found normal display, then click Go Home to get the second Flag
3rd Flag
There is XSS content, structure
and then save, then click on the image will come out the dialog box.
After, F12, right All, Response to get the Flag
4th Flag directly into the id in the address bar and then press Enter you can get 4