Rating:
Provided witha simple site where we can put username, there seems to be a member only fact, which has the flag Going through the provided source code I noticed they were using JSON.parse and JSON.stringify to decode the JSON from tokens. The token JSON was generated as below then encrypted
```
const token = `{"integrity":"${INTEGRITY}","member":0,"username":"${username}"}`
```
No sanitization was done on username, and we have full control over that, so we can overwrite the existing keys. Gave username as
`a","member":1,"username":"anandu`
And we can now view the member only fact, which gives the flag as flag{1_c4nt_f1nd_4_g00d_p4nd4_pun}