Flask Error

Start the machine, hack the system, and find the hidden flags to complete this challenge and earn points!

Flags

Points

Challenge

Pro Exclusive

~1-2 min setup

AWS dedicated

Private instance

Industry standard

Challenge

Flask Calculator Debug Mode - Complete Solution Walkthrough

In the expression input field, enter a division by zero expression like: 5 / 0, 10 / 0, or 1 / 0
Click the "Calculate" button.
This will trigger a ZeroDivisionError and display the Flask debug page with the traceback.

On the debug page, look for the traceback section that shows the error location.
Find the line that shows: File "/app/app.py", line X, in calculate
Look at the source code displayed in the traceback, specifically around the error line.
You will see a comment in the source code: # flag = '25402d11-e607-499c-af03-3f1a59edcef5'
The flag is: 25402d11-e607-499c-af03-3f1a59edcef5

If the interactive console is available on the debug page, you can also access it.
Type flag in the console and press Enter.
The console will output: '25402d11-e607-499c-af03-3f1a59edcef5'

Debug Mode Exposure: Never run Flask (or any web app) in debug mode in production environments.
Source Code Disclosure: Debug tracebacks can reveal source code including comments that may contain sensitive information.
Error Handling: Division by zero errors should be handled gracefully without exposing debug information.
Information Disclosure: Debug pages can reveal sensitive information like secret keys, flags, and application structure.
Real-world Impact: This vulnerability is commonly found in development servers accidentally exposed to the internet.
Best Practices: Always disable debug mode, implement proper error handling, and use production-ready configurations.