The Pigeon Files Solution
- Exploit prototype pollution in MooTools to pass the access token check.
- Open a new window to perform a search on the note.
- If the note was found, a client-side redirect occurs after 5 seconds.
- Change the window's location to `about:blank`.
- Check the window's `history.length`. If the navigation occurred, the length would be 3.
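
A defender's view of the first step, as an added example that is not part of the original write-up or the challenge's code: it shows why a token check that reads a property through the prototype chain passes once `Object.prototype` is polluted, next to a check and a merge that resist it. The names `unsafeMerge`, `safeMerge`, `weakTokenCheck`, `strictTokenCheck` and the property `accessToken` are hypothetical, and the merge helper is a constructed stand-in, not MooTools code.

```javascript
// Constructed stand-in for a recursive merge helper (an assumption, not MooTools code).
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      // With key "__proto__", target[key] resolves to Object.prototype.
      if (typeof target[key] !== 'object' || target[key] === null) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Same merge, refusing keys that reach the prototype chain.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (!Object.prototype.hasOwnProperty.call(target, key)) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Weak: an inherited property counts as a token.
const weakTokenCheck = (session) => Boolean(session.accessToken);
// Hardened: only an own, non-empty string property counts.
const strictTokenCheck = (session) =>
  Object.prototype.hasOwnProperty.call(session, 'accessToken') &&
  typeof session.accessToken === 'string' && session.accessToken.length > 0;

// Merge constructed untrusted JSON, then test a session that never received a token.
function demo(merge) {
  const untrusted = JSON.parse('{"__proto__": {"accessToken": "constructed"}}');
  try {
    merge({}, untrusted);
    const session = {};
    return { weak: weakTokenCheck(session), strict: strictTokenCheck(session) };
  } finally {
    delete Object.prototype.accessToken; // restore global state after the demo
  }
}

console.log('unsafe merge:', demo(unsafeMerge), 'safe merge:', demo(safeMerge));
```

Either fix alone closes this particular path; applying both keeps the check sound even if another pollution source exists elsewhere on the page.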
Submit your note first, then try to search it. It takes around 7 seconds to show the result.