Simple XSS.
There are a lot of methods to get *sound* flag, I used session changing.

Original writeup (https://github.com/mdsnins/ctf-writeups/blob/master/pctf2018/idIoT-Action.md).