Tags: web 

Rating:

Brute-force Flask session cookie secret with flask-unsign (Python library) then craft a new cookie with "LoggedIn:True".

Full video walkthrough: https://www.youtube.com/watch?v=dA28abgc57o

Original writeup (https://www.youtube.com/watch?v=dA28abgc57o).