(Dreamhack) csrf-1

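(Problem) Get the flag with CSRF!

(Key code)

```python
from flask import Flask, request

app = Flask(__name__)
# FLAG and memo_text are defined elsewhere in the challenge source (not shown in this excerpt).


@app.route("/vuln")
def vuln():
    # Denylist filter: lowercase the input, then replace three substrings with "*".
    param = request.args.get("param", "").lower()
    xss_filter = ("frame", "script", "on")
    for _ in xss_filter:
        param = param.replace(_, "*")
    return param


@app.route("/admin/notice_flag")
def admin_notice_flag():
    global memo_text
    # Only requests arriving from localhost are accepted.
    if request.remote_addr != "127.0.0.1":
        return "Access Denied"
    # The caller is identified solely by the userid query parameter.
    if request.args.get("userid", "") != "admin":
        return "Access Denied 2"
    memo_text += f"(Notice) flag is {FLAG}\n"
```

…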
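A hardened counterpart to the two handlers above, added here as an example and not part of the original post or the challenge source: output is HTML-encoded instead of denylisted, and the flag notice requires POST, a server-side session identity, and a session-bound CSRF token. The function signatures, `SECRET_KEY`, `session_id`, `issue_csrf_token` and `read_memo` are assumptions for illustration, written framework-agnostic so it runs on the standard library alone.

```python
import hashlib
import hmac
import html
import secrets

SECRET_KEY = secrets.token_bytes(32)  # assumption: per-deployment server secret
memo_text = ""


def render_param(param: str) -> str:
    """Replacement for /vuln: encode on output rather than denylisting substrings."""
    return html.escape(param, quote=True)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; the server embeds it in the admin's own form."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def admin_notice_flag(method: str, session_id: str, session_user: str,
                      form_token: str, flag: str) -> tuple[int, str]:
    """Hardened /admin/notice_flag: returns (status, body)."""
    global memo_text
    # State changes are never performed on GET.
    if method != "POST":
        return 405, "Method Not Allowed"
    # Identity comes from the server-side session, not from a userid
    # query parameter or from request.remote_addr.
    if session_user != "admin":
        return 403, "Access Denied"
    # The token must match this session; compare in constant time.
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(expected.encode(), form_token.encode()):
        return 403, "CSRF token mismatch"
    memo_text += f"(Notice) flag is {flag}\n"
    return 200, "Ok"


def read_memo() -> str:
    """Accessor for the memo contents."""
    return memo_text
```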