Hi. Hope this helps....
By now everyone knows its xss.... so...
1- find out what it is if you don't know. If you want to see how its done here is a helpfull guide
http://www.youtube.com/watch?v=foTEOsJuR4c 2- Javascript is needed... and you need a very specific action...... so read this...
http://www.infimum.dk/HTML/JSwindows.html3- think a little... all you need is to add 1 and 2....
4- Second part. Very easy... READ every single text on the site... before going to html code you should see what is written for all users. after you find the right page just see it's html....
Hope this helps without spoiling anything.
good luck