Pjuup the :⁠-⁠[8⁠-:⁠'⁠(😮

You need directory listing enabled for browsing the /upload folder...

This is not a dumb question. "Insecure Design" is a security flaw that appears often enough that it appears on the OWASP Top 10.

Not really the point.many lessons here. Improve best practices for dev secops. Use auto code checks when pushing to repos. Use cspm to check configs. Etc

@@simple-security I think that's the point I'm making isn't it? Those things would definitely be done by any company worth their salt. This is an unrealistic video and just seems to pick the most lightweight website possible to attack with a vector that should be easily closed. Who deploys a website that takes not only user input but pretty much any file you want in such a ridiculously insecure and open way. This is like the sort of vulnerability you might see when someone is in a bootcamp or right at the start of their career, imo? I just feel like this is one of those videos that sort of 'strawmans' a website that rarely exists in the wild, and certianly not one maintained by a company with anything sensitive to protect. It says in the title that it exploits an Azure website but actually he's exploiting a pathetically secured website that would have a whole bunch of other issues unrelated to Azure. Please correct me if I'm wrong, as I said I'm not an expert, but I do have a little bit of experience with cybersec; I recently implemented an OIDC compliant IdP SaaS prototype for my company which passed external pen test with no advisories to resolve. As a complete non-expert, if I can do that, every other engineer with at least a couple years under their belt could do exactly the same. Basically what I'm saying is no website that behaves and is so insecure like this one would be deployed by anyone with a bit of experience, so this is just a basically useless video because company's with literally anything to hide, i.e. every company lol, aren't going to do this. Happy to be corrected! :)

i mean the website is as secure as an overweight asleep security guard. It's easy to be insightful when the fucking door is left open for you to walk straight through.

Viva la résistance

I agree on this one. When an RCE happens on your server, they will always have access to secrets in one form or fashion. We are pulling our secrets in via Azure Keyvault at runtime with a managed identity, so this particular video interested me. This makes it super easy for the attacker to get access to the Keyvault to pull secrets. However if they are already on the server, they could dump memory and get them this one. I think the one take away is to make sure your managed identities are properly scoped. Don't use one managed identity for all applications.

Agree. Use system managed identity and use IAM to grant access to needed ressources and thats it. And i really do hope that people do not have VMs with PublicIPs available in azure...use a loadbalancer at least infront of it.

110% clickbait. The vulnerability is SSI, which has been known for 20+ years surfacing again due to clueless DevOps managing infrastructure.

@@wildstorm74 boat

I mean boat a speaker etc brand

Why should he worry about that tho?