4 points by cybrdude 2 hours ago | 3 comments
  • rvz an hour ago
    Everyone should care, but it seems no-one here does. (Because they are too busy vibe-coding their infrastructure with AI agents.)
    • ShowalkKama an hour ago
      wer impact?

      Just because you have root it doesn't mean it's a vulnerability. Can he read the data of other customers? Can he interact with the internal network? Do you want to know how you can get code execution on Microsoft's servers? Easy, go to GitHub and spin up a GitHub Action.

      The SSRF section does NOT prove SSRF. Just because you can make a server interact with attacker-supplied URLs, it doesn't automatically mean it can reach internal things and it does not automatically mean it's exploitable, far from it.

      The user location leak is also not a leak since it's fair to assume that the user already knows his own physical location. It'd be interesting if there was a way to reveal the location of other users but alas that isn't mentioned, let alone proved.

  • BoredPositronan hour ago
    nothingburger and the headline is hyperbole clickbait.