tl;dr
- Slice files.js using nginx partial caching.
- Use Subresource Integrity to load the right script
- Use DOM clobbering and Cache probing to leak the flag uuid

Original writeup (https://blog.bi0s.in/2024/03/06/Web/ImageGallery1-bi0sCTF2024/).