Charlotte's Web Solution

  1. Prototype pollution in utils.merge() and an off-by-one error lets us pollute utils.FONTS[10] through page-settings.
  2. In the actual CTF challenge, the secret page is authenticated. Pollute credentials: include through page-style to include the necessary cookies.

Visit this page with the extension installed to view the exfiltrated contents.

Full Solution | Home

Exfiltrated Contents

{ "fontSize": "100%", "font": "", "__proto__": { "10": "" } }