Old software, good software:
Clone and pwn: https://github.com/FirebaseExtended/firepad
We're given a very minimal admin bot launcher page that gives us a URL to a demo Firepad.
Without any further details, it looks like we're meant to find a (likely XSS) vulnerability in the Firepad source code we can use on the admin to get the flag.