SeCure lopp

Hard
Secure Coding

Overview

Scenario
A web application serves a blog platform where users can browse and search posts dynamically using JavaScript. While most user inputs are sanitized using DOMPurify, the application still relies on global browser objects to control certain UI behavior.

The rendering logic depends on a global variable (window.defualt_rate) to decide how UI elements are displayed. Under specific conditions, the browser's DOM behaviour can substitute an unexpected object for that global, which lets client-side logic be manipulated.

Objective
Analyze the frontend JavaScript, identify how global object resolution affects rendering logic, and determine how this behavior can be abused to influence DOM rendering flow and achieve script execution.
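The scenario's weak point is that the renderer reads a configuration value straight off `window`, where browsers also expose DOM elements that carry an `id` or `name` (through the prototype chain, not as own properties). The example below is added here and is not part of the challenge's code: it shows a hardened reader, `resolveDefaultRate`, that accepts only an own, finite numeric `defualt_rate` and otherwise falls back to a module-scoped constant. The `makeWindow` helper, the `FALLBACK_RATE` value and the 0..10 range are constructed assumptions used to run the check outside a browser.

```javascript
// Added example (not from the original page). Hardened lookup of the UI
// default that the scenario's renderer reads from window.defualt_rate.

const FALLBACK_RATE = 1; // constructed default; the real app's value is not on the page

// Resolve the rate from a window-like object without trusting inherited
// (named-access) properties or non-numeric values.
function resolveDefaultRate(win) {
  // 1. Application code sets globals as own properties of window; a DOM node
  //    reachable by name lives on the prototype chain and fails this test.
  if (!Object.prototype.hasOwnProperty.call(win, 'defualt_rate')) {
    return { rate: FALLBACK_RATE, source: 'fallback', reason: 'not an own property' };
  }
  const value = win.defualt_rate;
  // 2. Only a finite primitive number in the expected range is accepted.
  if (typeof value !== 'number' || !Number.isFinite(value) || value < 0 || value > 10) {
    const kind = Object.prototype.toString.call(value);
    return { rate: FALLBACK_RATE, source: 'fallback', reason: `rejected ${kind}` };
  }
  return { rate: value, source: 'window', reason: 'ok' };
}

// Constructed stand-in for a browser window: `own` becomes own properties,
// `named` is placed on the prototype to mimic element named access.
function makeWindow({ own = {}, named = {} } = {}) {
  const proto = Object.create(null);
  Object.assign(proto, named);
  const win = Object.create(proto);
  Object.assign(win, own);
  return win;
}

// Demonstration when run directly (node example.js).
if (typeof require !== 'undefined' && require.main === module) {
  console.log(resolveDefaultRate(makeWindow({ own: { defualt_rate: 3 } })));
  console.log(resolveDefaultRate(makeWindow({ named: { defualt_rate: { tagName: 'DIV' } } })));
  console.log(resolveDefaultRate(makeWindow({ own: { defualt_rate: '3' } })));
}

module.exports = { resolveDefaultRate, makeWindow, FALLBACK_RATE };
```

The stronger fix is to stop reading configuration from `window` at all and keep the default in module scope, which a bundler or `<script type="module">` enforces; the reader above is the compensating control when the global cannot be removed yet, and its `reason` field is a convenient thing to log so that unexpected substitutions surface in telemetry.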

Infrastructure Flask Web Application (Frontend-heavy)

Provided Files secure_lopp.zip

Flag Format Flag{}

Job Positions

Application Security Engineer

Tags

Input Validation
Sanitization
Code Review
Owasp Top 10
Input Filtering
Injection Prevention