
Tanuki: Flashcard Backup Restore

EN · medium · CTF challenge
Tags: XXE, XML External Entity, in-band exfiltration, JS bundle recon, API enumeration, DTD injection, arbitrary file read

Tanuki is a flashcard web app with an XML-based deck export and a JSON-driven restore endpoint. The server secretly round-trips your JSON through an XML template with DTD processing enabled — giving you a path to read arbitrary files off the server without any out-of-band channel. Your goal is to exfiltrate the flag at /app/flag.txt entirely in-band.

Step 3 of 7 · enumeration

Step 3 · Probe the restore endpoint's accepted format

Objective: Determine what Content-Type and body structure the restore endpoint actually requires — it will silently succeed regardless of input, so you need a way to verify that data was truly processed.

Context: POST /api/decks/:id/restore always responds 'Backup restored successfully' and creates a new deck. Sending raw XML (application/xml, text/xml, multipart) appears to work but produces only an empty 'Untitled Deck'. The real contract is different. The :id in the URL is cosmetic — any value works.

Progressive hints


Hint 1 — directional nudge

The endpoint claims success no matter what you send. How can you tell the difference between 'accepted and processed' vs 'silently ignored'? Try changing the Content-Type and body format.

Hint 2 — technique / vuln class

Try sending a JSON body instead of XML. Use Content-Type: application/json with keys that mirror the deck schema (name, description, category, cards). Check whether a real deck with your data appears afterward.

Hint 3 — near solution

POST to /api/decks/1/restore with Content-Type: application/json and body {"name":"Demo","description":"d","category":"c","cards":[{"front":"Q1","back":"A1"}]}. Then GET /api/decks to confirm a new deck was created with those exact values.
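The check the hints describe (snapshot the deck list, send the candidate body, snapshot again, and look for a deck carrying your exact values rather than an empty Untitled Deck) as an added example, not part of the Hintru lab; it assumes GET /api/decks returns a JSON list of deck objects with an id field, and the sample deck lists below are constructed.

```python
"""Added example (not the lab's own code): tell 'accepted and processed' apart
from 'silently ignored' by diffing GET /api/decks before and after the POST.
Assumption: GET /api/decks returns a JSON list of deck objects with an "id"."""
import json
import urllib.request


def deck_matches(deck, payload):
    """True if a returned deck carries exactly the values we submitted."""
    for key in ("name", "description", "category"):
        if deck.get(key) != payload.get(key):
            return False
    cards = [(c.get("front"), c.get("back")) for c in deck.get("cards", [])]
    wanted = [(c["front"], c["back"]) for c in payload.get("cards", [])]
    return cards == wanted


def new_decks(before, after):
    """Decks present after the request that were not present before, by id."""
    seen = {d.get("id") for d in before}
    return [d for d in after if d.get("id") not in seen]


def was_processed(before, after, payload):
    """An empty 'Untitled Deck' is a new deck too, so require a value match."""
    return any(deck_matches(d, payload) for d in new_decks(before, after))


def probe(base_url, payload, content_type="application/json"):
    """Live probe against a lab instance (not run offline): snapshot, POST, snapshot."""
    def get_decks():
        with urllib.request.urlopen(f"{base_url}/api/decks") as r:
            return json.load(r)
    before = get_decks()
    req = urllib.request.Request(f"{base_url}/api/decks/1/restore", method="POST",
                                 data=json.dumps(payload).encode(),
                                 headers={"Content-Type": content_type})
    with urllib.request.urlopen(req) as r:
        r.read()  # body is always 'Backup restored successfully'; ignore it
    return was_processed(before, get_decks(), payload)


# Constructed sample data: the ignored case yields only an empty Untitled Deck.
PAYLOAD = {"name": "Demo", "description": "d", "category": "c",
           "cards": [{"front": "Q1", "back": "A1"}]}
BEFORE = [{"id": 1, "name": "Starter", "description": "", "category": "misc", "cards": []}]
AFTER_IGNORED = BEFORE + [{"id": 2, "name": "Untitled Deck", "description": "",
                          "category": "", "cards": []}]
AFTER_PROCESSED = BEFORE + [{"id": 3, "name": "Demo", "description": "d", "category": "c",
                            "cards": [{"front": "Q1", "back": "A1"}]}]

if __name__ == "__main__":
    print("ignored:", was_processed(BEFORE, AFTER_IGNORED, PAYLOAD))      # False
    print("processed:", was_processed(BEFORE, AFTER_PROCESSED, PAYLOAD))  # True
```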
