I exploit Python's introspection and format string tricks to escape a jail that bans letters, digits, and every binary operator except modulo.
I archive a file named with a Jinja2 payload, exploit Flask's unsanitized render_template_string call, and chain the request object to import os and execute arbitrary commands.
