I archive a file named with a Jinja2 payload, exploit Flask's unsanitized render_template_string call, and chain the request object to import os and execute arbitrary commands.
I share how I got into CTFs, which tools and categories to start with, and why practicing through challenges beats passive learning every time.
