上传文件至 /
This commit is contained in:
parent
d984dfe30c
commit
fee390be0e
21
app.py
Normal file
21
app.py
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
from flask import Flask, render_template, session, redirect, url_for
|
||||||
|
|
||||||
|
app = Flask(__name__)
|
||||||
|
app.secret_key = 'jiangsir' # 用于加密session的密钥
|
||||||
|
|
||||||
|
flag = "FLAGFLAGFLAG" # 成功伪造session后返回的flag
|
||||||
|
|
||||||
|
@app.route('/')
|
||||||
|
def index():
|
||||||
|
return render_template('index.html')
|
||||||
|
|
||||||
|
@app.route('/user', methods=["GET"])
|
||||||
|
def admin_can_list_root():
|
||||||
|
if session.get('user') == 'admin':
|
||||||
|
return flag
|
||||||
|
else:
|
||||||
|
session['user'] = 'guest'
|
||||||
|
return "No admin!!"
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
app.run(debug=True, use_reloader=False, host='0.0.0.0', port=80)
|
||||||
Loading…
x
Reference in New Issue
Block a user