London DevOps #98.1 - Concrete Evidence: Two Races, One RCE - Adrian Tiron
Concrete CMS, a popular open-source content management system, contains a critical flaw in its file upload functionality that can be exploited in two distinct ways. This talk demonstrates how a single upload can lead to a Server-Side Request Forgery (SSRF), allowing access to internal cloud resources, and a double race condition that enables Remote Code Execution (RCE) via a malicious backdoor. We’ll walk through the exploitation process, show how existing protections can be bypassed, and highlight practical steps to secure file upload mechanisms in real-world applications.

Adrian is the Co-Founder and Principal Pentester/Red Teamer at Fortbridge, bringing over 20 years of hands-on experience in cybersecurity. Adrian is known for delivering highly technical, practical content drawn from real-world assessments, and is passionate about pushing the boundaries of modern application security.

Thanks to our hosts AutogenAI, and our sponsors Adaptavist, Prism Digital and Tyme Technologies.