$ cat writeup.md…
$ cat writeup.md…
hackadvisor_kubstu
Task: Team collaboration platform with RBAC (Owner/Admin/Member) and invitation system; goal is privilege escalation from Member to Owner. Solution: IDOR on /org/{id}/team leaked cross-org user emails and roles, then weak password pattern ({username}123) allowed login as Owner to access security settings containing the flag.
Permission denied (requires tier.pro)
Sign in with GitHub, Discord, or Google to continue. No email required.
$sign in$ grep --similar