I Got Root on Meta AI's Infrastructure Using a Chat Prompt

Posted by cybrdude 7 hours ago


Comments

Comment by rvz 7 hours ago

Everyone should care, but it seems no-one here does. (Because they are too busy vibe-coding their infrastructure with AI agents.)

Comment by ShowalkKama 6 hours ago

Where's the impact?

Just because you have root doesn't mean it's a vulnerability. Can he read the data of other customers? Can he interact with the internal network? Do you want to know how you can get code execution on Microsoft's servers? Easy, go to GitHub and spin up a GitHub Action.

The SSRF section does NOT prove SSRF. Just because you can make a server interact with attacker-supplied URLs, it doesn't automatically mean it can reach internal things, and it does not automatically mean it's exploitable, far from it.

The user location leak is also not a leak since it's fair to assume that the user already knows his own physical location. It'd be interesting if there was a way to reveal the location of other users but alas that isn't mentioned, let alone proved.

Comment by BoredPositron 6 hours ago

nothingburger and the headline is hyperbole clickbait.