The Flask-Caching extension up to and including 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct ...

A simple vulnerable Flask application. This can be used to test out and learn exploitation of common web application vulnerabilities. Originally written because I wanted a very simple, single file vulnerable app that I could quickly run up to perform exploitation checks against. At the moment, the following vulnerabilities are present: Python code injection ·

February 18, 2020 - Werkzeug provides an interactive debugger renders tracebacks and allows for the execution of Python code on the local machine.

December 8, 2024 - The reverse shell connected back ... system. By exploiting a Flask cookie vulnerability and combining it with insecure file upload functionality, we were able to gain remote code execution (RCE) on the target system...

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

September 10, 2017 - A script to generate flask sessions and exploit a server side template injection - ASIS CTF 2017 - flask-custom-sessions.py

July 5, 2018 - Note: the Python code calls render_template with a template that isn’t an autoescaped file extension. Depending on the code in the template, hello.unsafe, we may be vulnerable to Cross-Site Scripting.

# how to exploit: # the url could be an local file, like: file:/etc/passwd # vulns/ssrf/ssrf.py with urllib.request.urlopen(url) as f: download_image_path = f"{app.config['PUBLIC_UPLOAD_FOLDER']}/downloaded-image.png" with open(download_image_path, 'wb') as file: file_content = f.read() file.write(file_content) file.close() public_url = f"{app.config['PUBLIC_UPLOADS_URL']}/downloaded-image.png"

A simple RCE Pickle PoC with a vulnerable Flask App · In Python, the pickle module lets you serialize and deserialize data. Essentially, this means that you can convert a Python object into a stream of bytes and then reconstruct it (including the object’s internal structure) later in a different process or environment by loading that stream of bytes (for further info checkout this: https://davidhamann.de/2020/04/05/exploiting-python-pickle/

Upon collating all necessary data, the exploit script can be executed to generate the Werkzeug console PIN. The script uses the assembled probably_public_bits and private_bits to create a hash, which then undergoes further processing to produce the final PIN.

July 4, 2023 - Python Flask-Security contains an open redirect vulnerability.

January 4, 2023 - Unique Exploit for CVE-2021-43150 Using Flask · @Hored1971 · 129 posts · Security Researcher | Playing around the core of the 7 layers to build the Zero-Day Empire. subscribe to user · Total vcoins · 0 · Badges · Malware Researcher · Social media links ·

CVE-2021-21241 : The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version

This repository contains a Python script that exploits authentication bypass and remote code execution (RCE) vulnerabilities in a Flask web application. The goal is to demonstrate how these vulnerabilities can be used for a reverse shell attack.

January 31, 2024 - Cisa KevThis CVE is not part of the CISA Known Exploited Vulnerabilities Catalog · No · Exploitable with Sniper · No · CVE Published · Jan 8, 2024 · Detection added atThe date when the detection was added to Pentest-Tools.com · Jan 31, 2024 · Software Type ·

June 30, 2021 - Security vulnerabilities and package health score for pip package flask

cd Vulnerable-Flask-App · sudo pip3 install -r requirements.txt · python3 vulnerable-flask-app.py · https://twitter.com/anilyelken06 · https://medium.com/@anilyelken · https://github.com/anil-yelken · Put whatever you like here: news, screenshots, features, supporters, or remove this file and don’t use tabs at all.

September 29, 2017 - Install Python + Flask (pip install flask) export FLASK_APP=flask-vuln.py · flask run · Or use run.sh. Or use run_docker.sh (which builds the image and starts a container). Remember to stop and remove the container after you're done. Enjoy the puzzles at http://localhost:5000 ·

June 22, 2021 - Loading · ×Sorry to interrupt · Refresh

September 28, 2017 - So if we can overwrite __init__.py file with arbitrary Python code inside a directory of the web application that act as a package, then we can achieve code execution if that package is imported by the application. For our code to execute, a server restart is required in most case. But in this example we are running a Flask server with debug set to True which means every time a Python file is changed, the server will do a restart.