GitBook: [master] one page modified
This commit is contained in:
parent
20bcb98eaf
commit
c1ec20400f
@ -30,7 +30,7 @@ You can find the PIN printed out on the standard output of your
|
||||
shell that runs the server
|
||||
```
|
||||
|
||||
Locate vulernable Werkzeug debug console at path `vulnerable-site.com/console`, but is locked by secret PIN number.
|
||||
Locate vulnerable Werkzeug debug console at path `vulnerable-site.com/console`, but is locked by secret PIN number.
|
||||
|
||||
You can reverse the algorithm generating the console PIN. Inspect Werkzeug’s debug `__init__.py` file on server e.g. `python3.5/site-packages/werkzeug/debug/__init__.py`. View [Werkzeug source code repo](https://github.com/pallets/werkzeug/blob/master/src/werkzeug/debug/__init__.py), but better to leak source code through file traversal vulnerability since versions likely differ.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user