Flask .
Flask is a lightweight web application framework written in Python. It is a microframe because its core is very simple, but other features can be added through extensions The core components of Flask include Werkzeug, a WSGI toolbox, and Jinja2, a template engine
Topic environment
Module injection is okay, but the first time I saw the combination of module injection and file upload, I also found it quite novel.
Using the burpsuite tool .
Required for sending and receiving data .
First, write a Python script file .
import os
#call os module
os.system('ls /')
#call os in the module system external command execution, ls / list all directories and files in the root directory
Name the secondary file in png format.
First, use Firefox to open the question and also open Burp to prepare for packet capture
Repeater Pack
Send
Okay, we also found the trace of the flag here.
View flag content
Change external execution commands in the data package
cat/flag View the content of the flag in the root directory of f..
Send
Take down the flag:
flag{a6264dc026eee12800ee179de0f87807}.