Below is the hint that was given with challenge description
`HINT - Try looking past the typical vulnerabilities. Think about possible programming mistakes.`

I was not going to post a write up for this but when I randomly saw other write up for this challenge. I realised that I solved this chall totally different way.
When I read the hint `Access Control` was the bug that I immediately thought of. So I went to challenge website and tried to guess what will be the resource path where user will be redirected to when logged in.
I tried
- http://2018shell1.picoctf.com:47150/user
- http://2018shell1.picoctf.com:47150/home
- http://2018shell1.picoctf.com:47150/profile

And guess what last one gave me the flag. I dont know if this was really intended bug but till now I was thinking that this is how it was supposed to be solved haha.