Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Detector: Azure SAS Token and Publish Profile #65

Open
ankushgoel27 opened this issue Jan 30, 2025 · 2 comments
Open

Detector: Azure SAS Token and Publish Profile #65

ankushgoel27 opened this issue Jan 30, 2025 · 2 comments

Comments

@ankushgoel27
Copy link

It would be nice to also detect SAS Tokens and Azure publish Profiles. SAS tokens basically give access to azure storage containers and publish profile also contain sensitive credentials.
@rgmz
Copy link
Owner

rgmz commented Jan 30, 2025

@ankushgoel27 mind sharing some examples for both?

@ankushgoel27
Copy link
Author

@rgmz Here are some examples of the publish profile
<publishData><publishProfile profileName="lbxFaasTest-Head-1 - Web Deploy" publishMethod="MSDeploy" publishUrl="lbxfaastest-head-1.scm.azurewebsites.net:443" msdeploySite="lbxFaasTest-Head-1" userName="$lbxFaasTest-Head-1" userPWD="GZPlxk6TAPl49QMgQTrfmmKtt1ToQABkZd8zswqhXHtWGW4KT049FTsuHz8l" destinationAppUrl="https://lbxfaastest-head-1.azurewebsites.net" SQLServerDBConnectionString="" mySQLDBConnectionString="" hostingProviderForumLink="" controlPanelLink="http://windows.azure.com" webSystem="WebSites"><databases /></publishProfile><publishProfile profileName="lbxFaasTest-Head-1 - FTP" publishMethod="FTP" publishUrl="ftps://waws-prod-sy3-091.ftp.azurewebsites.windows.net/site/wwwroot" ftpPassiveMode="True" userName="lbxFaasTest-Head-1\$lbxFaasTest-Head-1" userPWD="GZPlxk6TAPl49QMgQTrfmmKtt1ToQABkZd8zswqhXHtWGW4KT049FTsuHz8l" destinationAppUrl="https://lbxfaastest-head-1.azurewebsites.net" SQLServerDBConnectionString="" mySQLDBConnectionString="" hostingProviderForumLink="" controlPanelLink="http://windows.azure.com" webSystem="WebSites"><databases /></publishProfile><publishProfile profileName="lbxFaasTest-Head-1 - Zip Deploy" publishMethod="ZipDeploy" publishUrl="lbxfaastest-head-1.scm.azurewebsites.net:443" userName="$lbxFaasTest-Head-1" userPWD="GZPlxk6TAPl49QMgQTrfmmKtt1ToQABkZd8zswqhXHtWGW4KT049FTsuHz8l" destinationAppUrl="https://lbxfaastest-head-1.azurewebsites.net" SQLServerDBConnectionString="" mySQLDBConnectionString="" hostingProviderForumLink="" controlPanelLink="http://windows.azure.com" webSystem="WebSites"><databases /></publishProfile></publishData>

I think this is the general format of the SAS token

?sv={service-version}&ss={services}&srt={resource-types}&sp={permissions}&se={expiry-time}&st={start-time}&spr={protocol}&sig={signature}

example from real world - https://testprod.blob.core.windows.net/testproddocs/83df11f0%2F82254ece%2F9f233cd6%2F4211b2ee%2Fdceb565a%2Fb9aab974%2F60d98dc7%2F9e29ab10?sv=2020-10-02&se=2023-03-27T08%3A55%3A32Z&sr=b&sp=r&sig=mMnfgASjqMNp%2F2c7IT%2B%2Fnz0uwg%2FoynmmUjXQAlTnnWs%3D&rscd=inline

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ankushgoel27 @rgmz