PBatch

S C E N A R I O
A Node.js application built with Express and Sequelize provides a product listing feature with search and filtering capabilities. Users can query products using search keywords and filter by seller. The application uses dynamic query construction with Sequelize operators and literal SQL fragments.

The system relies on an older component configuration and unsafe query composition patterns that may introduce risks in how user input is processed inside database queries. In particular, certain query structures combined with replacements and logical operators can lead to unintended query behavior affecting data visibility.

The challenge requires reviewing the source code and patching insecure query construction without upgrading dependencies, as external updates are restricted by the challenge rules.

O B J E C T I V E
Analyze the Express + Sequelize product query logic, identify unsafe query composition patterns, and fix the implementation to prevent SQL injection or logical query manipulation while preserving functionality. After securing the application, retrieve the flag from /flag.
Flag Format: Flag{}

Infrastructure Node.js / Express Application using Sequelize ORM
Provided Files Express application source code via Web 
Flag Format Flag{}