7/10
bug-bounty
A Flask/Jinja2 template injection vulnerability was discovered in an email generation utility that evaluated user input in email subject fields. The attacker exploited Python object introspection through Jinja2 syntax to access the file class and read sensitive files including configuration files with API keys and encryption keys from a GCE instance.
template-injection
jinja2
flask
rce
python
ssti
file-read
bug-bounty
web-application
email-functionality
object-introspection
Flask
Jinja2
Django
Bugcrowd
AkShAy KaTkAr
Wappalyzer
GCE
4/10
A complete walkthrough guide covering setup and security testing of a Flask web application with Apache and MySQL on Kali Linux, including HTTPS traffic analysis and bug bounty hunting techniques.
tutorial
kali-linux
apache
mysql
flask
https
traffic-analysis
web-app-security
bug-bounty-methodology
Apache
MySQL
Flask
Kali Linux