CTFtime.org

bookhub

by v01d / the cr0wn

Tags: lua flask python redis python3 

Rating:

1. Publicly accessible debug Flask instance
2. Python decorator mistake
3. Redis Lua injection
4. Python code execution

Original writeup (https://github.com/tq2ctf/writeups/tree/master/2018_07_30_RealWorldCTF/bookhub).

Comments