$ cat writeup.md…
cryptohack
Task: A PyJWT-based session endpoint builds its JSON payload by raw string concatenation of an unsanitized username, parses it with json.loads, and signs it with the server secret. Solution: inject a duplicate "admin":"True" key through the username so that json.loads keeps the last value, making the server legitimately sign a forged admin token.
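The flaw summarized above, next to two fixes, as an added example that is not the challenge's own code: the concatenated payload, a payload built with json.dumps, and a parser that rejects duplicate keys. The signing step is left out; the field order, function names and sample username are assumptions constructed for illustration.

```python
import json

# Constructed sample input: a username carrying the duplicate key from the summary.
CRAFTED_USERNAME = 'guest", "admin": "True'


def concat_body(username: str) -> str:
    # Pattern described above: the username is pasted into JSON text unescaped.
    # The "admin" field is assumed to come before "username" in the template.
    return '{"admin": "False", "username": "' + username + '"}'


def claims_vulnerable(username: str) -> dict:
    # json.loads accepts duplicate keys and silently keeps the last value.
    return json.loads(concat_body(username))


def claims_safe(username: str) -> dict:
    # Fix 1: build a dict and let the serializer escape quotes in the value.
    return json.loads(json.dumps({"admin": "False", "username": username}))


def _reject_duplicates(pairs):
    # object_pairs_hook receives every (key, value) pair, duplicates included.
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise ValueError(f"duplicate JSON key: {key!r}")
        seen[key] = value
    return seen


def strict_loads(text: str) -> dict:
    # Fix 2 (defense in depth): refuse any object that repeats a key.
    return json.loads(text, object_pairs_hook=_reject_duplicates)


if __name__ == "__main__":
    print("concatenated:", claims_vulnerable(CRAFTED_USERNAME))
    print("json.dumps:  ", claims_safe(CRAFTED_USERNAME))
    try:
        strict_loads(concat_body(CRAFTED_USERNAME))
    except ValueError as exc:
        print("strict parse:", exc)
```

Whatever claims the server signs should come from the dict-built payload; the strict parser is a second check that turns any remaining duplicate key into an error.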