Tags: hacktivityconctf2020 xxe
Looking around the website, and with the second-order hint from the second-order equation, the only place I found where I could do something was in customize.
This was the request:
Converting it to XML seems to work
And the result was saved in:
So I tried to pull /etc/passwd
And the response was in the CSS file clean-blog.css
So I tried with flag.txt
And I got the flag: