Hello,

let’s suppose that I have a site in which a user can upload images/profile pics. Let’s also assume that I am using an external CDN (like cloudfront) and the file upload has not the proper security measures so that an attacker uploads a malicious php shell.

So my question is: after that the attacker is able to upload the malicious file, how would he be able to trigger the execution of it, considering that it is not hosted in my environment but only in the cdn?

My neighbor who recently passed away used to keep our system turned off so mail carriers could actually get in and not leave with our packages. It also meant the neighbor kids and neighbors wouldn’t always get locked out and knock on my patio door (since I work from home) to get let into the building through my apartment.

Never told me how he did it, but I’d really like to know. It’s a simple round key fob and a black box we scan it on to turn the light from red to green, then it lets us in. The neighbor got the light to stay green. Help? (Edit: the mail carriers won’t even both getting out of their truck unless the light is green)

Also, I’ve asked each apartment manager we’ve had to give the mail people key fobs and they don’t. And another building has figured it out without our recently deceased neighbor (he did it for all the buildings and redid it every time it was fixed). We have a neighbor in the building who always removes rocks from the door to keep it locked, so blocking the door won’t work.

I’m not putting anyone in danger with this btw, our actual apartments don’t use the key fob system, just the building’s main door.