Tags: web xss
Rating: 5.0
XSS to leak window.location.href which gives us admin cookie to visit /flag
I don't remember