Logic App 10 - Abusing Storage Container (New) Trigger

Info

Scenario

Logic Apps use connectors that perform defined actions when triggered. When a connector is misconfigured or the trigger URL is exposed, this could reveal sensitive data. Abuse the storage blob connector and obtain the flag.

Overview

What is a blob trigger?

The "Blob" trigger is a type of trigger that allows us to initiate a workflow whenever a new or modified blob (file) is detected within a specified Azure Blob storage container.

Hint

  • Add something to me and I will add something.

Reference

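The challenge provides only one piece of information: UserCreds.

Using that information, enumerate the user's permissions. The account turns out to have access to a Container.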

The account also has permission to access the Queue (without modification rights).

Try uploading a few files.

After a short wait, the answer appears in the Queue.

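From the defender's side, the sequence above (blob upload, workflow output into a queue, queue read by the uploader) can be correlated in storage logs. The following is an added example, not part of the original write-up. It assumes storage diagnostic logging is enabled and that requests carry an Entra ID identity, so that RequesterObjectId is populated. The sample records, principal names and the 10-minute window are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)            # assumed correlation window
BLOB_WRITES = {"PutBlob", "PutBlockList"}
QUEUE_READS = {"GetMessages", "PeekMessages"}
FIELDS = ("TimeGenerated", "OperationName", "RequesterObjectId", "ObjectKey")

# Constructed records using field names from Azure Storage resource logs
# (StorageBlobLogs / StorageQueueLogs); every value here is made up.
SAMPLE_LOGS = [
    ("2024-05-01T10:00:05", "PutBlob",      "user-1111",     "/acct/uploads/a.txt"),
    ("2024-05-01T10:00:40", "PutMessage",   "logicapp-9999", "/acct/results"),
    ("2024-05-01T10:02:10", "GetMessages",  "user-1111",     "/acct/results"),
    ("2024-05-01T11:00:00", "PutBlob",      "svc-2222",      "/acct/uploads/b.txt"),
    ("2024-05-01T11:00:30", "PutMessage",   "logicapp-9999", "/acct/results"),
    ("2024-05-01T11:30:00", "PeekMessages", "user-3333",     "/acct/results"),
]


def find_trigger_readback(rows, window=WINDOW):
    """Flag principals that write a blob and then read a queue message that
    a different identity (e.g. a workflow connection) enqueued in between."""
    events = sorted(
        (dict(zip(FIELDS, r), ts=datetime.fromisoformat(r[0])) for r in rows),
        key=lambda e: e["ts"],
    )
    findings = []
    for up in (e for e in events if e["OperationName"] in BLOB_WRITES):
        who = up["RequesterObjectId"]
        for put in events:
            # Queue write by someone else, shortly after the upload.
            if (put["OperationName"] != "PutMessage" or put["RequesterObjectId"] == who
                    or not up["ts"] <= put["ts"] <= up["ts"] + window):
                continue
            for rd in events:
                # The uploader reads the same queue after that write.
                if (rd["OperationName"] in QUEUE_READS and rd["RequesterObjectId"] == who
                        and rd["ObjectKey"] == put["ObjectKey"]
                        and put["ts"] <= rd["ts"] <= put["ts"] + window):
                    findings.append((who, up["ObjectKey"], put["ObjectKey"],
                                     put["RequesterObjectId"]))
    return sorted(set(findings))


if __name__ == "__main__":
    for who, blob, queue, writer in find_trigger_readback(SAMPLE_LOGS):
        print(f"{who}: wrote {blob}, then read {queue} (filled by {writer})")
```

A hit means one principal holds both write access to the trigger container and read access to the workflow's output queue, which is the permission overlap this scenario relies on.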

Flags
In which storage account service did we find the flag value? (Container, Queue, Table or File)
Queue
What is the flag value we obtain?
asuzomvi735asbqiefk735