Rating:
Arbitrary file read as `http://bottle-poem.ctf.sekai.team/show?id={FILE}`
Get source code path from `/proc/self/cmdline`, read source code at `/app/app.py` and secret from `/app/config/secret.py`.
Use the provided secret to forge cookies to send to the `/sign` endpoint, use pickle command injection to execute arbitrary commands, then execute and read output of `/flag`.
