Tags: web 

Rating:

# tl;dr
* craft a payload with a random nonce
* use something like [hash-collider](https://github.com/fyxme/crc-32-hash-collider) to collide the nonce we gave earlier
* send that to admin and get the flag

Original writeup (https://lu513n.com/blog/posts/rescursive-csp/).