$ cat writeup.md…
$ cat writeup.md…
bluehensctf
Task: FastAPI microblog with private admin user storing flag in private post. Solution: Exploit broken visibility condition + hidden order_by=password to create lexicographic oracle, binary-search admin password, login as admin.
Permission denied (requires tier.pro)
Sign in with GitHub, Discord, or Google to continue. No email required.
$sign in$ grep --similar