This repo doesn't seem to get updates, but for awareness, `run.py` sets `debug=True` by default. This means `/console` is available wherever the application is deployed. To exploit this, run commands via the Python interpreter: `print(__import__('os').popen('ls -al').read())`
Suggestion to fix:

```python
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from caqe import app
app.run(debug=False, threaded=True)
```
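
A check that could run in CI to catch this setting before deployment, as an added example that is not part of the original issue or the repository's code: it parses Python source with `ast` and reports `.run(...)` calls whose `debug` argument is truthy or computed at runtime. The `BEFORE` sample is constructed from the issue's description of `run.py`; the function name `find_debug_run_calls` and the `CAQE_DEBUG` variable are hypothetical.

```python
import ast

# Constructed sample: run.py as the issue describes it (debug=True).
BEFORE = """#!/usr/bin/env python
# -*- coding: utf-8 -*-
from caqe import app
app.run(debug=True, threaded=True)
"""
# The issue's suggested fix.
AFTER = BEFORE.replace("debug=True", "debug=False")
# Constructed sample: debug read from a hypothetical environment variable.
DYNAMIC = 'import os\napp.run(debug=os.environ.get("CAQE_DEBUG"))\n'


def find_debug_run_calls(source, filename="<source>"):
    """Return sorted (line, kind) pairs for .run() calls that may enable debug.

    kind is "literal" for a truthy constant, "non-literal" when the value
    is computed at runtime and cannot be judged statically.
    """
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "run"):
            continue
        # Flask's run(host, port, debug, ...) also accepts debug positionally.
        values = [kw.value for kw in node.keywords if kw.arg == "debug"]
        if len(node.args) >= 3:
            values.append(node.args[2])
        for value in values:
            if isinstance(value, ast.Constant):
                if value.value:
                    findings.append((node.lineno, "literal"))
            else:
                findings.append((node.lineno, "non-literal"))
    return sorted(findings)


if __name__ == "__main__":
    for name, src in [("before", BEFORE), ("after", AFTER), ("dynamic", DYNAMIC)]:
        print(name, find_debug_run_calls(src, name))
```

The match is on any attribute call named `run`, so a hit on an unrelated object that happens to take a `debug` argument needs a quick manual look.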