49_V1
Easy, Web Security
Overview
You've stumbled upon NoteVault, a minimalist note-taking web application built with Python and Flask. The app lets users register, log in, and manage their personal notes. Nothing out of the ordinary at first glance.
But things aren't always what they seem. Somewhere beneath the surface, the developers made a critical mistake in how they handle user input, one that gives a sharp-eyed attacker far more power than they ever intended.
Your goal: exploit this flaw to manipulate the application's database structure, then claim what's waiting for you at /flag.
flag format: flag{}
Job Positions
Ethical Hacker
Tags
SSTI, Python, SQL Injection, Broken Access Control, Input Validation