Mirage Track

Level 36 → Level 37

The Model Is the Vector
1050 pts+150 first-blood bonus

Objective

Brieflo. The model's own output is rendered unsanitized — exfiltrate through a markdown image it writes (insecure output handling).

How to play

Open the target in your browser, find the flaw, and exploit it. On success the page reveals the login for the next level — that password is this level's flag. Submit it on the track page (or /submit) to bank the points.

Target

Log in as l36 with the password you captured on the previous level, then:
https://mirage-l36.breachlab.org
Open target ↗
🩸
First Blood captured by
ACTIVE RECORD