I will put this here just in-case anyone needs it, i had quite sometime finding the flag. here’s a tip to solving this question,
The exercise above seems to be broken, as it returns incorrect results. Use the browser devtools to see what is the request it is sending when we search, and use cURL to search for ‘flag’ and obtain the flag;
when using curl to search for ‘flag’ to obtain the flag, we do;
└─$ curl ‘http://188.8.131.52:31178/search.php?search=flag’ -H ‘Authorization: Basic YWRtaW46YWRtaW4=’ -i -v
this gives you the flag.
cheers i hope to post more help, as i can .