The challenge gave us this link:

Inside this you find the download link of the requested file and the chiper used to encrypt it and other fields. At first glance the vulnerability could be a LFI or a SQLi but looking further through the download link:

you can see the path where the file is. So now as you may guessed the vulnerability was HTTP indexing basically. Infact you can browse the directories easly and after that I found and interesting file

Now there is another problem: the aes-cbc-256 encryption of the text. Inside every directory there is a file called ._secret where inside this you can find the key to decrypt the content of the file. So now its a cake:

openssl enc -d -aes-256-cbc -in -out

Now just unzip and open the image to see flag…