$ cat writeup.md…
$ cat writeup.md…
neurogrid
Task: Next.js web app with nginx, hidden admin panel, hardcoded JWT secret in frontend JS, and command injection via SQLite .output filename parameter. Solution: Discover routes via _buildManifest.js, extract JWT secret from admin JS chunk, forge admin token, exploit OS command injection in report filename with ${IFS} whitespace bypass to read the flag.
Permission denied (requires tier.pro)
Sign in with GitHub, Discord, or Google to continue. No email required.
$sign in$ grep --similar