May 10, 2023

The Story of a Backstage RCE - Oxeye Presentation at Blue Hat IL

Daniel Abeles
Head of Research
Gal Goldstein
Security Researcher

The recent rise in popularity of developer portals, which integrate critical assets within the organization, makes them lucrative targets for threat actors. With more than 19,000 stars on GitHub and adoption by organizations including American Airlines, Netflix and Epic Games, Backstage, a CNCF-incubated project created by Spotify, is one of the most popular open source platforms for building developer portals. This presentation will show how we gained unauthenticated remote code execution on a Backstage application through a complex exploitation chain of several vulnerabilities. The chain includes a sandbox escape vulnerability we discovered along the way, an improper authentication implementation, and abuse of the integrated templating engine. By the end of this presentation, you will understand the thought process that guided us through the research: mapping the attack surfaces, choosing the components of the app most likely to be exploitable, and how we chained them together to achieve the ultimate goal.

