Merge branch 'master' of github.com:HackTricks-wiki/hacktricks-cloud

carlospolop · carlospolop · commit 1bae0f14cc2c · 2026-01-18T12:49:28.000+01:00
diff --git a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-static-web-apps-privesc.md b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-static-web-apps-privesc.md
@@ -144,12 +144,19 @@ az rest --method put \
 
 ### Microsoft.Web/staticSites/listSecrets/action
 
-This permission allows to get the **API key deployment token** for the static app:
+This permission allows to get the **API key deployment token** for the static app.
+
+Using az rest:
 
 ```bash
 az rest --method POST \
 --url "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/staticSites/<app-name>/listSecrets?api-version=2023-01-01"
 ```
+Using AzCLI:
+
+```bash
+az staticwebapp secrets list --name <appname> --resource-group <RG>
+```
 
 Then, in order to **update an app using the token** you could run the following command. Note that this command was extracted checking **how to Github Action [https://github.com/Azure/static-web-apps-deploy](https://github.com/Azure/static-web-apps-deploy) works**, as it's the one Azure set by default ot use. So the image and paarements could change in the future.
 
