OSCP · OSWP · PWPP · PWPA · PAPA · EnCE · Linux+ · LPIC-1 · Network+ · Security+ · Pentest+ · eJPT · eWPT · BSc · PGCert
Ottergram writeup (LFI)

Step 1: Register and browse
Register and browse around the app whilst capturing the traffic. Specifically, click on a profile (in this case otter_lover) and select the pictures on his page:

Step 2: Look at history
The file= parameter in the picture requests stands out: can we point it at a location of our choice?

We can! If you browse to ../../etc/passwd, the app responds that the flag is elsewhere. But if you browse to ../flag.txt you will indeed get the flag!
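To show what went wrong in the file= handler and how to fix it, here is an added example (not Ottergram's own code): a naive lookup that joins the parameter straight onto the picture directory, next to a hardened lookup that refuses anything but a bare image file name inside that directory. The picture directory path and the file names are constructed assumptions.

```python
import os
from typing import Optional

# Constructed picture directory; the real Ottergram layout is not in the writeup.
PICTURE_ROOT = "/srv/ottergram/pictures"
ALLOWED_SUFFIXES = (".jpg", ".jpeg", ".png", ".gif")


def vulnerable_picture_path(file_param: str) -> str:
    """The bug from the writeup: the ?file= value is joined onto the picture
    directory with no containment check, so '../' segments walk out of it."""
    return os.path.normpath(os.path.join(PICTURE_ROOT, file_param))


def escapes_root(path: str) -> bool:
    """Detection helper: True when a normalised path lies outside PICTURE_ROOT.
    commonpath() compares whole components, so '/srv/ottergram/pictures2' does
    not pass as a prefix match the way a plain startswith() check would."""
    return os.path.commonpath([PICTURE_ROOT, path]) != PICTURE_ROOT


def safe_picture_path(file_param: str) -> Optional[str]:
    """Hardened lookup. Returns the path to serve, or None to refuse (404).

    Three independent checks; any one of them stops the traversal in the
    writeup, and together they also cover backslashes and odd suffixes."""
    # 1. A picture reference is a bare file name: no separators, no dot-files.
    if not file_param or "/" in file_param or "\\" in file_param \
            or file_param.startswith("."):
        return None
    # 2. Only known image types may be served through this endpoint.
    if not file_param.lower().endswith(ALLOWED_SUFFIXES):
        return None
    # 3. Belt and braces: the normalised result must still sit under PICTURE_ROOT.
    #    (On a live system also apply os.path.realpath() so a symlink inside the
    #    directory cannot point elsewhere.)
    candidate = os.path.normpath(os.path.join(PICTURE_ROOT, file_param))
    if escapes_root(candidate):
        return None
    return candidate


if __name__ == "__main__":
    # The two requests from the writeup plus one legitimate picture request.
    for req in ("otter1.jpg", "../flag.txt", "../../etc/passwd"):
        naive = vulnerable_picture_path(req)
        print(f"{req!r:20} naive -> {naive} (escapes root: {escapes_root(naive)})"
              f"  hardened -> {safe_picture_path(req)}")
```

The escapes_root() check doubles as a log-review rule: any file= value whose normalised path leaves the picture directory is a traversal attempt worth alerting on.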

Thanks for reading!