Rating:
When we get into the website :
http://10xm9f04zpaze7u3p2at5ju70.ctf.p0wnhub.com:5000/
we can see that there is a simple form to get topics of the event so i tried to submit the form with that request:
```
POST /notifications HTTP/1.1
Host: 10xm9f04zpaze7u3p2at5ju70.ctf.p0wnhub.com:5000
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------16653180638431225724194145577
Content-Length: 175
Origin: http://10xm9f04zpaze7u3p2at5ju70.ctf.p0wnhub.com:5000
Connection: close
Referer: http://10xm9f04zpaze7u3p2at5ju70.ctf.p0wnhub.com:5000/
Upgrade-Insecure-Requests: 1
-----------------------------16653180638431225724194145577
Content-Disposition: form-data; name="topic"
CTF
-----------------------------16653180638431225724194145577--
```
and as a normal hacker i tried to make some parameter pollution so i decided to change `"topic" and i writed "topics"`.
Then i got a differend response!
I've got the python flask debugger page and while scrolling to see Exceptions I've found the flag !
and Bingoo : `HZVIII{K4fka_1ns3cure_t0p1C}`