I was playing a CTF at 247CTF.com called “Secure Session”, with the description: “If you can guess our random secret key, we will tell you the flag securely stored in your session.” It was surprisingly easy to capture the flag; it took less than a minute. And that’s because sessions, at least Flask’s default cookie-based ones, aren’t secure storage for sensitive data. The code was a simple Flask app:

```python
import os
from flask import Flask, request, session
from flag import flag

app = Flask(__name__)
app.config['SECRET_KEY'] = os.urandom(24)
d...
```
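To make the point concrete, here is an added, standard-library-only model of how Flask's default session cookie is built and read; it is not code from the post or from Flask itself. It assumes the signing scheme mirrors the itsdangerous defaults Flask uses (salt `cookie-session`, HMAC key derivation, SHA-1 digests, URL-safe base64 without padding); the secret key and session contents are constructed sample values. The example shows that the cookie is signed, so tampering is detected, but it is not encrypted, so whoever holds the cookie can read everything stored in the session without knowing `SECRET_KEY`.

```python
"""Added example (not from the original post): a stdlib-only model of
Flask's client-side session cookie.  Signed, not encrypted.

Assumption: the scheme below mirrors the itsdangerous defaults Flask uses.
The key and session contents are constructed sample values.
"""
import base64
import hashlib
import hmac
import json
import os
import time
import zlib


def _b64encode(data: bytes) -> bytes:
    # URL-safe base64 with '=' padding stripped, as itsdangerous does.
    return base64.urlsafe_b64encode(data).rstrip(b"=")


def _b64decode(data: bytes) -> bytes:
    # Restore padding before decoding.
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))


def _derive_key(secret_key: bytes, salt: bytes = b"cookie-session") -> bytes:
    # itsdangerous "hmac" key derivation: HMAC-SHA1(secret, salt).
    return hmac.new(secret_key, salt, hashlib.sha1).digest()


def make_session_cookie(session: dict, secret_key: bytes) -> str:
    """Serialise and sign a session dict (assumed Flask layout).

    Layout: <payload>.<timestamp>.<signature>; the payload is base64 JSON,
    prefixed with '.' when zlib compression made it smaller.
    """
    payload = json.dumps(session, separators=(",", ":")).encode()
    compressed = zlib.compress(payload)
    if len(compressed) < len(payload) - 1:
        body = b"." + _b64encode(compressed)
    else:
        body = _b64encode(payload)
    now = int(time.time())
    timestamp = _b64encode(now.to_bytes((now.bit_length() + 7) // 8, "big"))
    signed_value = body + b"." + timestamp
    sig = hmac.new(_derive_key(secret_key), signed_value, hashlib.sha1).digest()
    return (signed_value + b"." + _b64encode(sig)).decode()


def read_session_without_key(cookie: str) -> dict:
    """Recover the session contents from the cookie alone: no key involved.

    This is what any client (or anyone who obtains the cookie) can do, which
    is why secrets must not be stored in a client-side session.
    """
    body, _timestamp, _sig = cookie.encode().rsplit(b".", 2)
    if body.startswith(b"."):
        raw = zlib.decompress(_b64decode(body[1:]))
    else:
        raw = _b64decode(body)
    return json.loads(raw)


def verify_session_cookie(cookie: str, secret_key: bytes) -> bool:
    """Server-side check: only the holder of secret_key can produce a valid signature."""
    signed_value, sig = cookie.encode().rsplit(b".", 1)
    expected = hmac.new(_derive_key(secret_key), signed_value, hashlib.sha1).digest()
    return hmac.compare_digest(expected, _b64decode(sig))


def demo() -> dict:
    """Integrity holds, confidentiality does not."""
    secret_key = os.urandom(24)  # strong and unguessable, like the CTF app's key
    cookie = make_session_cookie({"flag": "FLAG{constructed-sample}"}, secret_key)
    leaked = read_session_without_key(cookie)  # readable with no key at all
    # Swap in a different payload while keeping the original timestamp and signature.
    _body, timestamp, sig = cookie.rsplit(".", 2)
    tampered = ".".join([_b64encode(b'{"flag":"forged"}').decode(), timestamp, sig])
    return {
        "leaked": leaked,
        "valid": verify_session_cookie(cookie, secret_key),
        "tampered_valid": verify_session_cookie(tampered, secret_key),
    }


if __name__ == "__main__":
    print(demo())
```

The design point: the signature only stops a client from changing the session; it does nothing to hide its contents. Anything confidential belongs in server-side storage keyed by an opaque session id, with the cookie carrying only that id.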