$ cat writeup.md…
hackadvisor
Task: Analytics dashboard with client-side widget rendering; deepSet() parses URL query params written in bracket notation and does not filter __proto__. Solution: Prototype pollution via __proto__[headerTemplate] injects HTML into the innerHTML gadget in renderWidget(), achieving DOM XSS that exfiltrates the admin flag via the shared notes API.
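The parsing flaw described above, next to a hardened parser and a gadget-side check, as an added example that is not code from the challenge or the original writeup. The challenge's real deepSet() and renderWidget() source is not on the page, so `parsePath`, `deepSetUnsafe`, `deepSetSafe`, `ownTemplate`, `parseQuery`, `demo` and the sample query are assumptions constructed for illustration.

```javascript
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// "a[b][c]" -> ["a", "b", "c"]
const parsePath = (key) => key.split(/[\[\]]+/).filter(Boolean);

// Assumed vulnerable shape (hypothetical): every path segment is trusted,
// so a "__proto__" segment walks from the target into Object.prototype.
function deepSetUnsafe(target, key, value) {
  const path = parsePath(key);
  let node = target;
  for (const seg of path.slice(0, -1)) {
    if (typeof node[seg] !== 'object' || node[seg] === null) node[seg] = {};
    node = node[seg];
  }
  node[path[path.length - 1]] = value;
  return target;
}

// Hardened: drop keys with prototype-reaching segments, follow own properties
// only, and create intermediate containers without a prototype.
function deepSetSafe(target, key, value) {
  const path = parsePath(key);
  if (path.length === 0 || path.some((seg) => BLOCKED.has(seg))) return target;
  let node = target;
  for (const seg of path.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(node, seg);
    if (!own || typeof node[seg] !== 'object' || node[seg] === null) node[seg] = Object.create(null);
    node = node[seg];
  }
  node[path[path.length - 1]] = value;
  return target;
}

// Gadget-side check: honour a template only if the widget config defines it itself.
const ownTemplate = (config) =>
  Object.prototype.hasOwnProperty.call(config, 'headerTemplate') ? config.headerTemplate : null;

function parseQuery(query, deepSet, target) {
  for (const [k, v] of new URLSearchParams(query)) deepSet(target, k, v);
  return target;
}

function demo() {
  const query = '__proto__[headerTemplate]=CONSTRUCTED-MARKER&title=Visits'; // constructed input
  const safe = parseQuery(query, deepSetSafe, Object.create(null));
  const afterSafe = {}.headerTemplate;            // a fresh object inherits nothing
  parseQuery(query, deepSetUnsafe, {});
  const afterUnsafe = {}.headerTemplate;          // every object now inherits the value
  const gadgetView = ownTemplate({});             // own-property check ignores inherited value
  delete Object.prototype.headerTemplate;         // restore the global prototype
  return { afterSafe, afterUnsafe, gadgetView, safeTitle: safe.title };
}
```

In the browser, writing header text through textContent rather than innerHTML removes the sink even if a polluted value slips through.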