A Flask app stores sessions as base64-encoded Python pickle objects. Craft a malicious __reduce__ payload to achieve RCE and exfiltrate the flag.
