I curl the page to avoid an infinite loop, then run the script in Node.js to resolve the %c format specifier and reveal the actual flag string.
I archive a file named with a Jinja2 payload, exploit Flask's unsanitized render_template_string call, and chain the request object to import os and execute arbitrary commands.
I share how I got into CTFs, which tools and categories to start with, and why practicing through challenges beats passive learning every time.