A web application with an interesting user interface is exploited through a reflected Cross-Site Scripting (XSS) vulnerability delivered by an unusual route: reporting a user causes the Administrator to execute JavaScript on the target user’s page.
We then send a request to the /secret_admin_search endpoint to execute an SQL injection to fetch the flag.
The endpoint leaks the source code, which contains the flag, as a comment on the user’s profile.
The flag is obtained by base64-decoding the source code retrieved through the XSS on the admin’s page and the subsequent SQL injection.
This challenge is timed and points are awarded based on the time taken to complete the challenge.