Title here
Summary here
Werkzeug
Werkzeug
Werkzeug is a comprehensive WSGI web application library. It began as a simple collection of various utilities for WSGI applications and has become one of the most advanced WSGI utility libraries.
Source code
- werkzeug/debug/__init__.py#L179: Debug PIN generation.
- werkzeug/debug/__init__.py#L509: Handle
?__debugger__=yes.
PIN in Debug mode
probably_public_bits = [
'root', # linux username
'flask.app',
'Flask',
'/usr/local/lib/python3.11/site-packages/flask/app.py'
]
private_bits = [
'157132472873131',
# uuid.getnode()
# /sys/class/net/eth0/address
# int("8e:e9:41:3a:70:ab".replace(":", ""), 16)
'6adbfbbe-c412-4d79-9110-2abace330a34'
# /proc/sys/kernel/random/boot_id
]Vulnerabilities
Client-Side Desync
- Version: 2.1.0 to 2.1.1
- Mizu - Abusing Client-Side Desync on Werkzeug
Prev
VueJSNext
Window object