This was a fun one. We start off with a web page and get a foothold with an arbitrary file read vulnerability, and end it off with a Python Flask Arbitrary Code Execution in the web debugger.

Original writeup (https://cheukyin699.github.io/writeup/2020/01/08/the-prophet-tetctf.html).