We only managed to exploit the easy flaw in the CTF itself, but could not go after. Finally, we found the second bug and managed to build an exploit.