Tags: web directory-traversal werkzeug
TL;DR:
Recreation of this [hacktrick](https://book.hacktricks.xyz/pentesting/pentesting-web/werkzeug)
1. Don’t use Werkzeug debugger lol
2. Give the `?animal=` GET parameter something unexpected (`?animal=blah`) and get yourself a traceback with a Python console (Werkzeug lol)
3. Oh wait it’s PIN protected
4. Never mind, you can generate the PIN yourself
5. Directory traversal through the `?animal=` parameter for Linux files (like `?animal=%2F..%2F../sys/class/net/eth0/address`)
6. Cat flag but in a Python shell
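
A defensive counterpart to steps 2 and 5, as an added example that is not part of the original writeup or the challenge's code: the function names, the base directory and the sample file are assumptions. It confines the `?animal=` value to one directory and answers bad input with a 404 instead of an unhandled exception, since an unhandled exception is what serves the traceback console when the Werkzeug debugger is on.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote


def resolve_animal(base_dir, raw_value):
    """Map a raw ?animal= value to a file inside base_dir, or return None."""
    base = Path(base_dir).resolve()
    name = unquote(raw_value)  # %2F..%2F.. becomes /../..
    try:
        # Joining an absolute name discards base entirely, so the containment
        # check below is what actually enforces the boundary.
        candidate = (base / name).resolve()
        candidate.relative_to(base)  # raises ValueError if outside base
    except (ValueError, OSError):
        return None
    return candidate if candidate.is_file() else None


def handle_animal(base_dir, raw_value):
    """Return (status, body); bad input yields 404, never an unhandled exception."""
    path = resolve_animal(base_dir, raw_value)
    if path is None:
        return 404, "unknown animal"
    return 200, path.read_text()


def demo():
    # Constructed sample data: one allowed file in a temporary directory.
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "cat.txt").write_text("meow")
        return [
            handle_animal(tmp, "cat.txt"),
            handle_animal(tmp, "blah"),
            handle_animal(tmp, "%2F..%2F../sys/class/net/eth0/address"),
            handle_animal(tmp, "../../etc/hostname"),
        ]


if __name__ == "__main__":
    for status, body in demo():
        print(status, body)
```

The containment check is a second layer; the first is the one from step 1, serving the app without the debugger enabled.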