Opinion: feels faker than TryHackMe or OverTheWire - try random things and the flag appears even though it may not really give you access to anything useful in real life
Flag 1
/page/4 was 403...
something hidden there?
how can i access?
how else can i access page content?
edit page...
/page/edit/4
success
#### Flag 2
sql path injection...
/page/1'
success
### Flag 3
phinjection...