from flask import Flask, render_template, session, redirect, url_for
# Placeholder flag value. The /user route returns it when the session says the
# user is 'admin' (original note: returned after a session is successfully forged).
flag = "FLAGFLAGFLAG"

app = Flask(__name__)

# Key Flask uses to sign the session data. With Flask's default cookie-backed
# sessions the payload is signed, not encrypted: the client can read it, and
# only this key prevents the client from changing it.
# NOTE(review): a short, guessable key hard-coded in source looks deliberate for
# this exercise. Outside a training target, load a long random value (for
# example one produced by secrets.token_hex) from configuration kept out of the
# repository, and rotate it if it is ever exposed.
app.secret_key = "jiangsir"
@app.route("/")
def index():
    """Serve the landing page rendered from the ``index.html`` template."""
    page = render_template("index.html")
    return page
@app.route("/user", methods=["GET"])
def admin_can_list_root():
    """Return the flag when the session identifies the caller as ``admin``.

    Every other caller has ``session['user']`` set to ``'guest'`` and receives
    the refusal text instead.

    The only authorization input is the ``user`` value stored in the session,
    so this check is exactly as trustworthy as the integrity of the session
    data, which rests on ``app.secret_key`` staying unknown to clients.
    """
    current_user = session.get("user")
    if current_user != "admin":
        # Missing or non-admin identity: (re)label the session as a guest.
        session["user"] = "guest"
        return "No admin!!"
    return flag
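if __name__ == '__main__':
    # Imported here so this entry-point block stays self-contained.
    import os

    # debug=True turns on Werkzeug's interactive debugger, which can execute
    # code in the server process from a browser. Together with host='0.0.0.0'
    # that console would be reachable on every network interface. Debug is
    # therefore off unless explicitly requested with FLASK_DEBUG=1, which
    # should only be set for local development.
    debug_enabled = os.environ.get("FLASK_DEBUG") == "1"

    # Listens on all interfaces, port 80; the reloader stays disabled.
    app.run(debug=debug_enabled, use_reloader=False, host='0.0.0.0', port=80)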