Insecure default app.run(debug=True, ...)

[moohax]

This repo doesn't seem to get updates, but for awareness, run.py sets debug=True by default. This means /console is available wherever the application is deployed. To exploit this, run commands via the Python interpreter: print(__import__('os').popen('ls -al').read())

Suggestion to fix,

#!/usr/bin/env python
# -*- coding: utf-8 -*-
from caqe import app

app.run(debug=False, threaded=True)