PoisonedNote

Hard

Web Security

Overview

SCENARIO

A note-taking application that takes sanitization seriously. Input goes through DOMPurify, notes are stored safely, and an admin bot reviews anything reported to it. The developer is confident nothing malicious can slip through.

You have full access to the source code. Read carefully how notes are stored and how they are retrieved. The sanitization works exactly as intended, but something else does not.

Flag format: flag{}

Infrastructure

- Docker Container — HTTP on port 3000

Provided Files

- PoisonedNote.zip (5.5 KB)

Job Positions

Penetration Tester

Tags

- Xss
- Confusion Attacks
- Javascript
- Input Validation
- Source Code Review