RCE python web framework using signed cookie when knowing secret key. Currently support:
- flask/Werkzeug
- bottle
- django
- those using beaker.session
Proof-of-Concept for http://vudang.com/2013/01/python-web-framework-from-lfr-to-rce/
A sample vulnerable Flask app is included