$ cat writeup.md…
$ cat writeup.md…
hackadvisor
Task: CloudVault file sharing platform allows SVG uploads served raw with image/svg+xml MIME type; admin bot reviews reported content and has flag in non-HttpOnly cookie. Solution: upload SVG with embedded JavaScript, use same-origin comments API to exfiltrate admin's cookies when bot visits the raw SVG URL.
Permission denied (requires tier.pro)
Sign in with GitHub, Discord, or Google to continue. No email required.
$sign in$ grep --similar