Slick

• Error out strconv.Unquote to get it to return null
• Regex injection in the search to time based attack to leak flag
• Solution script in solve.py

Original writeup (https://github.com/perfectblue/ctf-writeups/tree/master/2020/tsgctf-2020/slick).