GCP - Cloud Run Post Exploitation
Cloud Run
For more information about Cloud Run check:
pageGCP - Cloud Run EnumAccess the images
If you can access the container images check the code for vulnerabilities and hardcoded sensitive information. Also for sensitive information in env variables.
Modify the image
Modify the run image to steal information. For example, if it's exposing a login page, steal the credentials users are sending.
Last updated