Tags: web xss 

Rating: 5.0

XSS to leak window.location.href which gives us admin cookie to visit /flag

Original writeup (https://rainbowpigeon.netlify.app/posts/zh3r0ctf-2021/#bxxs).