/tags/angular/ Recent content in angular on Hugo -- gohugo.io en-us Sat, 11 Apr 2026 12:00:00 +0000 /writeups/deep-blue/ Sat, 11 Apr 2026 12:00:00 +0000 /writeups/deep-blue/ Deep Blue | FCSC 2026 Challenge Discover this new marine life blog! Can you steal the author’s secret fish & chips recipe? Dockerized web app serving an Angular blog about sea creatures. A Puppeteer bot sets an httpOnly FLAG cookie on the app’s domain, then visits a user-supplied URL. Every console.log from the bot’s browser gets forwarded back through the TCP connection. The goal is to trigger XSS in the bot’s browser, use it to fetch the protected secret recipe endpoint (which needs the bot’s cookie), and exfiltrate the flag.