I quickly started reading the Dockerfile and app.py. Quickly realised that the
flag.txt was at / (from Dockerfile) and that the Flask web app would load
custom css based on file at the given path from user. It became obvious that
the objetive is to load thr flag.txt as custom css file and then view the it
using the View Page Source option. The Dockerfile showed that the web app was
running in /app directory. Now the challenge was to somehow reach /flag.txt
without using '../' anywhere or '/' at the start. Now realising that '../'
can't be used anywhere and '/' can't be used only in the beginning because the
function returning after the error is what helped me solve the challenge. So I
just put the path as `//flag.txt`.

![image](https://user-
images.githubusercontent.com/121946596/254964425-f3065e9a-daab-4f8c-a44d-502f919946ec.png)

Thus the flag `amateursCTF{h1tt1ng_th3_r3curs10n_l1mt_1s_1mp0ssibl3}`.

Original writeup
(https://gist.github.com/kn1-gh7/37282f568c293960917e1915bb3c445b#funny-
factorials).