Great box ! Learning a lot and discover a very interesting technique.
My tips :
foothold : enum correctly and when you enumerate, don’t miss the halt of the equation.
And an advice that I forget too often : if you find something you don’t understand, take your time and read some doc!
user : think like the developer. If you want make the same thing, what code will you write? use burp/zap and you will find.
root : ok, now if you don’t know the attack, you need to learn it, all is on this thread.
Take your time to learn what append, what can be do. If you don’t have a knowledge of the tool, you will not find the root flag. The creator has put some hints like a real life box on the foothold, read this carefully.