$ cat writeup.md…
$ cat writeup.md…
miptctf
Two Flask services: main app sends search results to internal censor via HTTP GET. Mode parameter has no length validation. Werkzeug URL length limit creates binary oracle: long text (found) triggers 414 error, short text (not found) succeeds. Error response bypasses XOR+SHA256, enabling character-by-character flag brute force.
Permission denied (requires tier.pro)
Sign in with GitHub, Discord, or Google to continue. No email required.
$sign in$ grep --similar