Hacker News

Well, if it was a misconfigured WAF (which usually is just a reverse proxy with mod_proxy) to an application, then you would not need to gain access to any tokens, etc.; all you would need to do is gain access to the server. Or be able to use that WAF as a proxy to gain access to other HTTP-bound resources?

From there, any IAM role access the underlying server had, you would now have as well. And that would work with any sort of access (don't need root, etc.).
