From fee390be0e642a4132cc8f0023cc0b477c9c4046 Mon Sep 17 00:00:00 2001
From: jiangsir <1463310682@qq.com>
Date: Thu, 12 Sep 2024 18:57:42 +0800
Subject: [PATCH] =?UTF-8?q?=E4=B8=8A=E4=BC=A0=E6=96=87=E4=BB=B6=E8=87=B3?= =?UTF-8?q?=20/?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
app.py | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 app.py
diff --git a/app.py b/app.py
new file mode 100644
index 0000000..ea1b344
--- /dev/null
+++ b/app.py
@@ -0,0 +1,21 @@
+from flask import Flask, render_template, session, redirect, url_for
+
+app = Flask(__name__)
+app.secret_key = 'jiangsir' # 用于加密session的密钥
+
+flag = "FLAGFLAGFLAG" # 成功伪造session后返回的flag
+
+@app.route('/')
+def index():
+ return render_template('index.html')
+
+@app.route('/user', methods=["GET"])
+def admin_can_list_root():
+ if session.get('user') == 'admin':
+ return flag
+ else:
+ session['user'] = 'guest'
+ return "No admin!!"
+
+if __name__ == '__main__':
+ app.run(debug=True, use_reloader=False, host='0.0.0.0', port=80)
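Review bot: The final `app.run(debug=True, use_reloader=False, host='0.0.0.0', port=80)` serves the Werkzeug debugger and full tracebacks on every interface. That is a second weakness, unrelated to the session exercise the comments describe, so I would change it to `app.run(debug=False, host='0.0.0.0', port=80)`. The comment on `app.secret_key = 'jiangsir'` says the key encrypts the session, but Flask's default cookie session is only signed, so its contents are readable by the client and its integrity depends entirely on this hard-coded key. If the weak key is deliberate, the comment should say so, e.g. `# signs (does not encrypt) the session cookie; intentionally weak for this challenge`; any real deployment should load the key from the environment. `redirect` and `url_for` are imported but not used anywhere in the file.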