SSTI Bypass using HTTP Request Referer and Cookie headers - My First App Writeup
This is the solution for the My First App challenge from UofTCTF 23. It covers the initial JWT cracking, escalating that to SSTI, and then bypassing filters by using the request object's attributes.