2 challenges available. Find the flag, submit it, earn points.
The API has a broken authentication mechanism. Bypass it.
Exploit mass assignment vulnerability to escalate privileges.