Leak some secret configuration variables

Difficulty: Medium

UnicornBox stores some configuration variables in a config.yml file in a folder separate from the users’ files: The layout of the server storage is as follows:

site/
  file/
    foo1.txt
    foo2.txt
    ...
  config/
    config.yml

Your task: Gain access to the secrets stored within config.yml.

Tip: Most browsers modify URLs before they are truly actually sent to the server. If you are having trouble determining what URLs are sent to the server, consider using the Network tab of your browser’s debugger.

Tip: What happens if you try to access a file that your user account doesn’t have access to? Consider what has to be true before a file is “served” from the file system in this website.