- Published on
Chaining XSS, Zip Slip, and SSTI vulnerabilities to achieve remote code execution (RCE) on a Flask web server. By exploiting insecure file extraction, we overwrite a template file with an SSTI payload, allowing command execution to retrieve the flag.