上传文件至 /

2024-09-12 18:57:42 +08:00 · 2024-09-12 18:57:42 +08:00 · fee390be0e
commit fee390be0e
parent d984dfe30c
1 changed files with 21 additions and 0 deletions
--- a/app.py
+++ b/app.py
@ -0,0 +1,21 @@
+from flask import Flask, render_template, session, redirect, url_for
+
+app = Flask(__name__)
+app.secret_key = 'jiangsir'  # 用于加密session的密钥
+
+flag = "FLAGFLAGFLAG"  # 成功伪造session后返回的flag
+
+@app.route('/')
+def index():
+    return render_template('index.html')
+
+@app.route('/user', methods=["GET"])
+def admin_can_list_root():
+    if session.get('user') == 'admin':
+        return flag
+    else:
+        session['user'] = 'guest'
+    return "No admin!!"
+
+if __name__ == '__main__':
+    app.run(debug=True, use_reloader=False, host='0.0.0.0', port=80)