● Bug Hunter I can get a hint in main page. It gives a word "Reflected XSS". So I tried some test payload using "tsukushi" parameter. I can trigger XSS. But where is the flag? I can't guess anything, so checked description. They gave me "guess" and "RFC". I searched about RFC and find hint like this. I entered into "/.well-kown/security.txt". Got it. Technically, it's not xss problem I expected...