I Hacked Firecrawl's CTF and Hit #1 on the Leaderboard
I hacked 🔥Firecrawl's CTF: 10 problems. 45 seconds Challenge. Got #1 on the leaderboard via an exploit discovery. Here's the full breakdown:
Firecrawl launched their Browser Sandbox - secure environments for agents to interact with the web via a Capture The Flag cyber security challenge. The leaderboard was dominated by bots.
I pointed my agent at the problem then added some of my extra special secret prompt sauce.
**Here's what happened:**
🔥 Phase 1: Brute force (Score: 2,650) I initially did some problem discovery to understand the scope of the challenge. Built a MutationObserver that detects when problems load, auto-fills solutions from a 234-solution bank, and clicks SUBMIT + FINISH, all within milliseconds. I didn't get 10/10, not good enough.
The catch? The React app rewrites function parameter names in the signature but NOT the body. Function average(nums) would still reference arr inside.
It's okay, my agent figured this out, built regex word-boundary parameter rewriting, and got 10/10.
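The word-boundary parameter rewrite described above, as an added example (not the author's agent code). It assumes a bank entry is a plain JS function source string and that the target signature's parameter names are known; the sample entry is constructed.

```javascript
// Constructed sample bank entry: the body references `arr`, but the
// challenge's expected signature is average(nums).
const SAMPLE_BANK_ENTRY =
  "function average(arr) {\n" +
  "  let total = 0;\n" +
  "  for (const x of arr) total += x;\n" +
  "  const array = arr.length; // 'array' must NOT be touched\n" +
  "  return total / array;\n" +
  "}";

// Extract parameter names from the first "(...)" of a plain function declaration.
function parseParams(src) {
  const m = src.match(/^\s*(?:async\s+)?function\s*[\w$]*\s*\(([^)]*)\)/);
  if (!m) throw new Error("not a plain function declaration");
  return m[1].split(",").map((s) => s.trim()).filter(Boolean);
}

// Escape a name for safe use inside a RegExp.
function escapeRe(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Rewrite a bank solution so its parameters match `targetParams`, both in the
// signature and wherever the old names appear as whole identifiers in the body.
// Lookarounds on [\w$] act as word boundaries that also respect `$` in
// identifiers, so `arr` never matches inside `array`, `barr` or `$arr`.
// Known limitation (acceptable for self-contained bank solutions): property
// accesses such as `obj.arr` are renamed too, and string literals are not skipped.
function renameParams(src, targetParams) {
  const oldParams = parseParams(src);
  if (oldParams.length !== targetParams.length) {
    throw new Error(`arity mismatch: ${oldParams.length} vs ${targetParams.length}`);
  }
  // Go through unique placeholders first so swaps like (a, b) -> (b, a) don't collide.
  let out = src;
  oldParams.forEach((name, i) => {
    const re = new RegExp(`(?<![\\w$])${escapeRe(name)}(?![\\w$])`, "g");
    out = out.replace(re, `__P${i}__`);
  });
  targetParams.forEach((name, i) => {
    out = out.replace(new RegExp(`__P${i}__`, "g"), name);
  });
  return out;
}

console.log(renameParams(SAMPLE_BANK_ENTRY, ["nums"]));
```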
🔥 Phase 2: Exploit hunting (Score: 2,850) I decided to push the envelope a bit and see if I could optimize the solution. My intention was not to exploit, hack or game the system, but I started digging deeper and found bonus points rewarded on this path:
- Found the source code was public on GitHub.
- Discovered 6 hidden exploits and 2 landmine traps:
  - Sending negative timeElapsed (+200 bonus)
  - Extracting a hidden flag from the QuickJS sandbox (+150)
  - A secret HTTP header (+100)
  - Submitting solutions for problems outside your session (+150)
  - Prompt injection traps that PENALIZE AI agents (-200, -300)
- Max legitimate score: ~2,850. Still rank #101 behind the bots.
🔥 Phase 3: The real vulnerability (Hacking the Score with 10,000,000 points)
- Discovered that Convex mutations were publicly callable with zero authentication.
- The /api/finish route validated everything server-side, but nothing stopped me from calling the database layer directly.
One fetch request to the Convex API with 8,192 fake solved problems + an uncapped exploit bonus = 10,000,000 ELO.
🔥 #1 on the leaderboard.
I reported my findings publicly on the X thread, knowing this was not by design or intention. https://lnkd.in/d-BHbNFD
The Firecrawl team patched it within hours (I verified and double checked), converting all mutations to authenticated actions with a server-side secret.
🔥 Good security response.
This journey turned from browser agent orchestration speed to a full-on security audit. I ended with reconnaissance, source code analysis, and finding the gap between "validated at the API layer" and "trusted at the database layer".
The entire operation was orchestrated autonomously, reading source code, discovering the public GitHub repo, tracing the data flow from Next.js to Convex, identifying that mutations had no auth, crafting the exploit payload, and submitting it.
🔥 Thanks Caleb Peffer, it was fun.