Rating: 5.0

Stored XSS and Response Header Injection Leads to CSRF

[**Full Writeup**](https://ctf.zeyu2001.com/2021/inctf-2021/notepad-1-snakeholes-secret)

Original writeup (https://ctf.zeyu2001.com/2021/inctf-2021/notepad-1-snakeholes-secret).