Course
In this lab, we explore how to execute code within a vulnerable Flask application using the <code>__import__('os').system(...)</code> syntax to bypass the absence of a direct <code>os</code> module import. By replacing the initial call to <code>id</code> with the <code>score</code> command, users can successfully complete the exercise.
Skills covered
Injection
Operating System
CWE-20, CWE-95
Included with PRO
Full course content
2 videos
Common mistakes
Ready to practice?
Get access to this lab and 600+ hands-on exercises with a PRO subscription.
