This is my solution for Grand Prix Heaven from Google 2024 CTF. I particularly enjoyed this challenge because of its detail level; multiple little vulnerabilities had to be chained together to achieve XSS on the target. I will start with the exploit, then follow up with the notes which may help explain why the exploit does what it does. Exploit import requests import json import re import exif import warnings warnings.