$ cat writeup.md…
hackadvisor
Task: Multi-tenant SaaS platform where the JWT lacks tenant binding: the tenant is determined by a separate cookie while the same signing secret is shared.

Solution: Registered the target admin's email on a different tenant, obtained a validly signed JWT, then replayed it cross-tenant by swapping the tenant cookie to gain admin access and retrieve the flag.
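The missing check, shown beside a corrected one, as an added example that is not code from the original writeup or the challenge. It assumes HS256 tokens, a hypothetical signed `tid` claim for the tenant, and constructed names and values throughout (`SECRET`, `authorize_weak`, `authorize_bound`, the sample email and tenant ids).

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed; one secret shared by every tenant, as in the task

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def sign(claims: dict) -> str:
    """Issue an HS256 JWT over the given claims."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(head + '.' + body))}"

def verified_claims(token: str) -> dict:
    """Return the claims if the signature is valid, else raise ValueError.
    The algorithm is pinned to HS256 here; the header's alg field is never trusted."""
    head, body, sig = token.split(".")
    if not hmac.compare_digest(_mac(head + "." + body), _unb64(sig)):
        raise ValueError("bad signature")
    return json.loads(_unb64(body))

def authorize_weak(token: str, tenant_cookie: str) -> dict:
    """Flaw from the task: the signature is checked, the tenant comes only from the cookie."""
    claims = verified_claims(token)
    return {"tenant": tenant_cookie, "email": claims["email"]}

def authorize_bound(token: str, tenant_cookie: str) -> dict:
    """Hardened: the signed 'tid' claim must exist and match the tenant of the request."""
    claims = verified_claims(token)
    tid = claims.get("tid")
    if not tid or tid != tenant_cookie:
        raise PermissionError("token was not issued for this tenant")
    return {"tenant": tid, "email": claims["email"]}

if __name__ == "__main__":
    # Constructed sample: a token issued by tenant-b, presented with tenant-a's cookie.
    token = sign({"email": "admin@example.test", "tid": "tenant-b"})
    print(authorize_weak(token, "tenant-a"))
    try:
        authorize_bound(token, "tenant-a")
    except PermissionError as err:
        print("rejected:", err)
```

Signing each tenant's tokens with a separate key closes the same gap at the signature layer and can be combined with the claim check.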