$ cat writeup.md…
$ cat writeup.md…
hackadvisor
Task: collaborative wiki platform behind nginx reverse proxy with aggressive caching, admin bot visits user-submitted URLs. Solution: web cache deception — append .css extension to /api/auth/session to trick nginx into caching admin's authenticated session response, then retrieve cached credentials.
Permission denied (requires tier.pro)
Sign in with GitHub, Discord, or Google to continue. No email required.
$sign in$ grep --similar