best if you stick with copying down or checking out the page they are currently on now.
Yeah, that's certainly what I'm doing now! It was only mission 8 that threw me really, I didn't see the mention of SSI until I had spent a good hour slamming random post content at the page, in the hope something would escape the variable and execute as php (I fancied scandir() for quite a while)..
Though looking back, that might not have worked as a meta-solution at all - I am after all, sending code to a site which is pretending to be hackable, not one that actually is? ;D
I suppose it's a balance between:
* Teaching that obscurity, information gathering and time-wastage is a big part of programming/computing.
* Teaching the specific lesson of each individual mission.
And the distribution of relevant info seemed to skew that balance somewhat on level 8...
Just adding the words "Google SSI, why not?" on https://www.hackthissite.org/missions/basic/8/
would help, imho.
Thanks for the detailed reply - if I continue to enjoy HTS as much as I am so far, I could potentially get involved and write a few bits....