$ cat writeup.md…
$ cat writeup.md…
hackadvisor
Task: Webhook management platform with HTML template preview system reviewed by admin bot; internal Config Service on port 3001 with misconfigured CORS. Solution: Stored XSS in template preview fetches internal config API via CORS, base64-encodes response, exfiltrates to Interaction Server via Image src URL path; flag found in secrets.platform_master_key.
Permission denied (requires tier.pro)
Sign in with GitHub, Discord, or Google to continue. No email required.
$sign in$ grep --similar