London DevOps #98.1 - Concrete Evidence: Two Races, One RCE - Adrian Tiron
Author: London DevOps
Uploaded: 2026-02-24
Views: 14
Description:
Concrete CMS, a popular open-source content management system, contains a critical flaw in its file upload functionality that can be exploited in two distinct ways. This talk demonstrates how a single upload can lead to a Server-Side Request Forgery (SSRF), allowing access to internal cloud resources, and a double race condition that enables Remote Code Execution (RCE) via a malicious backdoor. We’ll walk through the exploitation process, show how existing protections can be bypassed, and highlight practical steps to secure file upload mechanisms in real-world applications.
Adrian is the Co-Founder and Principal Pentester/Red Teamer at Fortbridge, bringing over 20 years of hands-on experience in cybersecurity. Adrian is known for delivering highly technical, practical content drawn from real-world assessments, and is passionate about pushing the boundaries of modern application security.
Thanks to our hosts AutogenAI, and our sponsors Adaptavist, Prism Digital and Tyme Technologies.