Code Review 02

This exercise is one of our challenges to help you learn how to review real source code

1-2 Hrs.


In this exercise, you are tasked with examining the source code of a file system adapter for Flask to uncover security vulnerabilities. The source code can be downloaded as a zip file, allowing you to thoroughly investigate the implementation. The challenge primarily revolves around the server-side sessions managed by Flask Session.

An attacker can control certain values within the server-side sessions, and one of these values is used without proper filtering or escaping. Although the cache hashes the filename using MD5, this issue is still significant as similar vulnerabilities can appear in other tools. Your objective is to identify the file and line number containing the weakness and submit your findings.

Want to learn more? Get started with PentesterLab Pro! GO PRO