Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 04:33:28 +00:00
Code Issues Projects Releases Packages Wiki Activity

GITBOOK-3895: change request with no subject merged in GitBook

Browse source
This commit is contained in:
CPol 2023-05-07 15:31:34 +00:00 committed by gitbook-bot
parent 7f33a88918
commit 7bb967cca9
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
generic-methodologies-and-resources/python/class-pollution-pythons-prototype-pollution.md
View file

@ -257,7 +257,7 @@ app.secret_key = '(:secret:)'
In this scenario you need a gadget to traverse files to get to the main one to **access the global object `app.secret_key`** to change the Flask secret key and be able to [**escalate privileges** knowing this key](../../network-services-pentesting/pentesting-web/flask.md#flask-unsign). In this scenario you need a gadget to traverse files to get to the main one to **access the global object `app.secret_key`** to change the Flask secret key and be able to [**escalate privileges** knowing this key](../../network-services-pentesting/pentesting-web/flask.md#flask-unsign).
A payload like this one: A payload like this one [from this writeup](https://ctftime.org/writeup/36082):
{% code overflow="wrap" %} {% code overflow="wrap" %}
```python ```python