JS 4

I'be used firebug to change the get i then made the button to display the cookie. I'm not sure if i'm displaying the correct cookie could someone point me in the right direction..?

You don't need to use firebug or anything else, GET variables are displayed in the browser's address bar.

You're not looking for a specific cookie either, just a generic alert will do.

I don't understand. I can view cookies with Developer Tools (Vivaldi browser), but what am I supposed to do with the cookie and the button? What do you mean by "a basic alert"?

The button is used to send a GET request (named 'submit') to index.php. A basic alert is something like this:

markup<script>alert('Hello World');</script>

You need to take advantage of this to make it alert the hidden cookie.

Ok, I think I'm on the right path but not quite there. How am I supposed to use the GET parameter? If I write …….Spoiler removed……… in the Javascript console, I just get an empty alert box. In Developer Tools, I can see the site cookie (with fields beginning fusion_ and a PHP session ID). But I think there is another cookie (the "hidden cookie")

The way you exploit the GET is thought the url, don't use firefox or anything else, type in in the address bar.

What you used in the consol would normally be accepted, but this challenge is hardcoded to only accept the answer via the url, and was made long before you needed to use add ons for the js.