Step 1: Register
Register and you’ll land on the following page. Proxy your traffic and click “View Rankings” to see the leaderboard (shocking, I know).
Step 2: SSRF
The POST /api/fetch will go to a localhost URL. Append /admin and you’ll get the flag:
Thanks for reading!
