Python Werkzeug Debugger Fun
This post is a writeup of the 'slightly-broken' challenge from Cyberedu Warm-up CTF #1.
Once you access the challenge web site, you will see a page with a link which will lead to a Werkzeug debugger page.
Remote Code Execution (RCE) via this debugger page is a widely known security issue [1][2], and the interactive console UI can be reached via /console. (Side note: I was about to try Flask Jinja SSTI if this did not work.)
All you need to do is read the flag.txt file from the current directory.
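From the defender's side, the exposure described above is easy to spot in an HTTP response. The following is an added example, not code from the writeup or the challenge: a small response checker that flags the Werkzeug development server, the debugger's traceback page, and an enabled interactive console. The marker strings (the "Werkzeug Debugger" title, the `EVALEX` script variable, the `Werkzeug/` Server header) are assumptions drawn from the debugger's own HTML and server, and the sample responses are constructed, not captured from the challenge site.

```python
import re

# Markers assumed from the Werkzeug debugger's HTML and dev server:
# the traceback and /console pages carry "Werkzeug Debugger" in the title,
# and the page script declares EVALEX; EVALEX = true means the in-browser
# console will evaluate submitted Python.
_TITLE = re.compile(r"Werkzeug Debugger", re.I)
_EVALEX = re.compile(r"\bEVALEX\s*=\s*(true|false)\b")
_DEV_SERVER = re.compile(r"^Werkzeug/", re.I)


def assess_response(path, status, headers, body):
    """Return a list of finding tags for a single HTTP response."""
    findings = []
    if _DEV_SERVER.search(headers.get("Server", "")):
        findings.append("werkzeug-dev-server")
    if _TITLE.search(body):
        findings.append("debugger-page")
        m = _EVALEX.search(body)
        if m and m.group(1) == "true":
            findings.append("interactive-console-enabled")
        if path == "/console" and status == 200:
            findings.append("console-endpoint-exposed")
    return findings


def severity(findings):
    """Map finding tags to a single severity for triage."""
    if {"interactive-console-enabled", "console-endpoint-exposed"} & set(findings):
        return "critical"
    if "debugger-page" in findings:
        return "high"
    if "werkzeug-dev-server" in findings:
        return "medium"
    return "none"


# Constructed sample responses (path, status, headers, body); not real captures.
SAMPLES = [
    ("/console", 200, {"Server": "Werkzeug/2.0.3 Python/3.8.10"},
     "<title>Console // Werkzeug Debugger</title><script>var CONSOLE_MODE = true, "
     "EVALEX = true, EVALEX_TRUSTED = false, SECRET = \"placeholder\";</script>"),
    ("/", 500, {"Server": "Werkzeug/2.0.3 Python/3.8.10"},
     "<title>ValueError // Werkzeug Debugger</title><script>var EVALEX = false;</script>"),
    ("/", 200, {"Server": "gunicorn"}, "<html><body>ok</body></html>"),
]


def scan(samples=SAMPLES):
    """Return [(path, severity)] for each sample response."""
    return [(p, severity(assess_response(p, s, h, b))) for p, s, h, b in samples]
```

Anything rated high or critical here means the app is running with the debugger on; the fix is to run it without `debug=True` behind a production WSGI server, not to rely on the debugger PIN.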
[1] exploit-db.com/exploits/43905
[2] labs.detectify.com/2015/10/02/how-patreon-g..