Tags: flask python aes-ecb flask-session aes
Rating:
TL;DR
1. Bruteforce flask session key using `flask-unsign`
2. Re-order AES-ECB blocks created by registering two carefully crafted usernames to forge a user that has the `admin` role
3. Request `/secret` with the forged session containing the reordered AES-ECB blocks to get the flag
