You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Starting with the description of the challenge, we know what the goal is to create some cards and send them to the admin. There's the possibility to put images into them, choosing from a predefined list of 4. Otherwise, a custom text is accepted. Moreover, from app source code we see that `/flag` is accessible only from admin. XSS flavour around here, do you feel it?
Starting with the description of the challenge, we know the goal is to create some cards and send them to the admin. There's the possibility to put images into them, choosing from a predefined list of 4. Otherwise, a custom text is accepted. Moreover, from app source code we see that `/flag` is accessible only from admin. XSS flavour around here, do you feel it?
