1 posts
Full-chain CTF writeup for a WordPress and Puppeteer bot challenge involving nonce leakage, DOM clobbering, CSP nonce recovery, RCE, and SHA-256 length extension.