Web
Renderer
8/18/2025
by yeknom
scriptCTF
WriteUp
Renderer
📋 Description
Introducing Renderer! A free-to-use app to render your images!
💡 Walkthough
The app stores a “secret cookie” in a file under the publicly served static directory and uses it as a gate to the /developer page.
app.py:
...
@app.route('/developer')
def developer():
cookie = request.cookies.get("developer_secret_cookie")
correct = open('./static/uploads/secrets/secret_cookie.txt').read()
if correct == '':
c = open('./static/uploads/secrets/secret_cookie.txt','w')
c.write(sha256(os.urandom(16)).hexdigest())
c.close()
correct = open('./static/uploads/secrets/secret_cookie.txt').read()
if cookie == correct:
c = open('./static/uploads/secrets/secret_cookie.txt','w')
c.write(sha256(os.urandom(16)).hexdigest())
c.close()
return f"Welcome! There is currently 1 unread message: {open('flag.txt').read()}"
else:
return "You are not a developer!"
...
display.html: