Token of Trust

I didn't have any information I could get, other than that I could log in from /login. So I expected robots.txt to exist.

Disallow: /flag (But hey, who listens to robots anyway?)

There is a flag API endpoint, but I can't GET it. I guess it is a POST method.

Hint: I only care about your request format, not your credentials. 😉

So I think solution

1. cracked JWT with admin- This vulnerabili..