AAS holes
I've seen this before. Is this a port of Microsoft IIS?
Microsoft has revealed a vulnerability in its Azure App Service for Linux that allowed the download of files that users almost certainly did not intend to be made public. Microsoft bills the Azure App Service as just the thing if you want to “Quickly and easily create enterprise-ready web and mobile apps for any platform or device …
Easy money, though. I imagine any of us here could have pointed it out if we were Azure users and thought about it for 30 seconds.
Most bugs take some finding and hats off to the guys and gals who sniff them out. But my reaction to that was, "Damn, I could have found that and had that bonus!"
Those little paid disclosure premiums, sooner or later, come to bite you.
I read somewhere Microsoft had a little-protected game called Centennial Dog Food - Unfortunately, this game allowed players to gather info, emails and software from M$ clients marked HIGH CONFIDENTIAL - With a big financial impact possibility, if resold to bad actors with bad intentions.
Big Bounties need to be paid if people want their assets well protected.
Well, it's Microsoft* where security has always been an afterthought (if it's ever "thought" in the first place).
* Actually, you can probably substitute almost any computer software company here. It seems to me that security is something that's always patched in later but is NEVER part of the mix of original ingredients.