The Pigeon Files Solution

  1. Exploit prototype pollution in mootools to pass the access token check.
  2. Open a new window to perform a search on the note.
  3. If the note was found, a client-side redirect occurs after 5 seconds.
  4. Change the window's location to about:blank
  5. Check the window's history.length. If the navigation occurred, the length would be 3.

Full Solution | Home

Submit your note first, then try to search it. It takes around 7 seconds to show the result.