Javascript Injection!!!

Well, I spent the last 15 minutes attempting to finish mission 5. The point of the mission, was that an administrator, setup a script to email himself a password for the site, in the event he forgot it. It was to be sent to his email: webmaster@hulla-balloo.com. Using a Javascript Injection I was able to change the email to be mailed the password to my own, thusly giving me the password when I hit the 'Send password to Sam'. Poor, poor, Sam. Never knew what hit him :/ So this was a fun one. I learned something new and somewhat useful. I also learned, never put a script to email yourself a password in the event you're too lame to remember it ;)