[FR-writeup] The Writeup is in the URL
Host Spoofing -> XXE -> jwt -> POP chain

Original writeup (https://flag-poisoning.fr/writeup/pimpmyvariant-teaser-insomnihack-ctf-2022/).