file-crawler
web  
cyberedu

Find the vulnerability and get the flag. The flag is located in a temporary folder.

The main page of this website contains a photo with an interesting path.




That path is vulnerable to LFI. I figured out it was written in Flask by seeing the /static folder and checking templates/base.html and templates/index.html.

The source code was in app.py.


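The program tries to remove any `../` from the requested name, but the line `send_file(os.path.join(os.getcwd(), image_name))` lets you access the full path you need anyway: when `image_name` is an absolute path, `os.path.join` discards the `os.getcwd()` prefix and returns `image_name` unchanged, so no `../` is needed at all.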
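
The behaviour described above, shown next to a hardened resolver, as an added example that is not the challenge's app.py (its source is not reproduced on this page). `BASE_DIR`, the `static` subdirectory, the function names and the sample paths are assumptions constructed for illustration.

```python
import os

BASE_DIR = "/srv/app"  # assumed application directory (constructed)


def resolve_weak(image_name, base=BASE_DIR):
    """Pattern described in the writeup: strip '../', then os.path.join."""
    cleaned = image_name.replace("../", "")
    # os.path.join drops every earlier component once a later one is absolute,
    # so the base directory offers no containment here.
    return os.path.join(base, cleaned)


def resolve_safe(image_name, base=BASE_DIR, subdir="static"):
    """Return a path inside base/subdir, or None if the request escapes it."""
    root = os.path.realpath(os.path.join(base, subdir))
    # realpath collapses '..' segments and symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root, image_name))
    # Containment check on the final path instead of filtering the input.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests
    for name in ("img/cat.png", "../app.py", "/tmp/example.txt"):
        print(f"{name!r:22} weak={resolve_weak(name)!r:28} "
              f"safe={resolve_safe(name)!r}")
```

In a Flask application the same containment is available through `flask.send_from_directory` (built on `werkzeug.utils.safe_join`), which rejects names that resolve outside the given directory.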


Checking the CTF's description once again:
Find the vulnerability and get the flag. The flag is located in a temporary folder.

This made me think that the flag is in the /tmp/ folder. And there it was :D




CTF{0caec419d3ad1e1f052f06bae84d9106b77d166aae899c6dbe1355d10a4ba854}