$ cat writeup.md…
$ cat writeup.md…
hackerlab
Task: Flask 'beta panel' with reflected XSS in /login?error= (JS-string context) and a blind SSRF /healthcheck that is actually rendered by a HeadlessChrome admin bot. Solution: the bot carries a constant credential-autofill token &s=; requesting /login?s=TOKEN pre-fills the admin username/password into the form value= attributes, leaking admin creds to log in and read /admin.
Permission denied (requires tier.pro)
Sign in with GitHub, Discord, or Google to continue. No email required.
$sign in$ grep --similar