XSS to leak window.location.href which gives us admin cookie to visit /flag

Original writeup (https://rainbowpigeon.netlify.app/posts/zh3r0ctf-2021/#bxxs).