Review + Dockerfile Update

Aif4thah · Aif4thah · commit 1753a0ad1533 · 2025-10-09T14:42:04.000+02:00
diff --git a/Dockerfile b/Dockerfile
@@ -1,22 +1,19 @@
-FROM debian:latest
+# Utilise l'image officielle .NET SDK 8.0
+FROM mcr.microsoft.com/dotnet/sdk:8.0
 
+# Définir l'utilisateur root
 USER root
 
-RUN apt update && \
-    apt upgrade -y && \
-    apt install -y wget git
-
-RUN wget https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb -O packages-microsoft-prod.deb && \
-    dpkg -i packages-microsoft-prod.deb && \
-    rm packages-microsoft-prod.deb
-
-RUN apt update && \
-    apt install -y dotnet-sdk-8.0 dotnet-runtime-8.0
-
-EXPOSE 3000
+# Installer Git
+RUN apt update && apt upgrade -y && apt install -y git
 
+# Cloner le dépôt
 WORKDIR /app
 RUN git clone https://github.com/Aif4thah/VulnerableLightApp.git
 WORKDIR /app/VulnerableLightApp
 
-CMD ["dotnet", "run", "--url=https://0.0.0.0:3000"]
+# Exposer le port
+EXPOSE 3000
+
+# Lancer l'application
+CMD ["dotnet", "run", "--url=https://0.0.0.0:3000"]
diff --git a/README.md b/README.md
@@ -8,11 +8,9 @@
 [![Docker](https://github.com/Aif4thah/VulnerableLightApp/actions/workflows/docker.yml/badge.svg)](https://github.com/Aif4thah/VulnerableLightApp/actions/workflows/docker.yml)
 [![Github Sponsors](https://img.shields.io/badge/GitHub%20Sponsors-30363D?&logo=GitHub-Sponsors&logoColor=EA4AAA)](https://github.com/sponsors/Aif4thah/)
 
-
 > [!WARNING]
 > This repository and its tools are provided "as is" without warranty of any kind, either express or implied, including but not limited to, any warranties of merchantability, fitness for a particular purpose, and non-infringement. The authors shall not be liable for any claims, damages, or other liabilities arising from, out of, or in connection with the use of this tool. The user is solely responsible for ensuring their use of this tool complies with all applicable laws and regulations. The authors disclaim any liability for illegal or unethical use.
 
-
 ## 🎱 Attack Surface
 
 ```mermaid
@@ -32,6 +30,7 @@ flowchart TD
     F --> M(*Sensitive Data*)
     G --> O(*Serialized Data*)
     G --> R(*Business Logic*)
+    G --> U(*Updates*)
     H --> P(*Variables and functions*)
 ```
 
@@ -49,7 +48,6 @@ flowchart TD
 | **Log Management**                     | V19 Logging and Monitoring |
 | **Service Behavior**                   | V14 API and Web Service Security, V17 Business Logic |
 
-
 ## 🐞 Vulnerabilities
 
 | MITRE Reference | Description | Difficulty |
@@ -84,23 +82,19 @@ flowchart TD
 | CWE-918 | Server-Side Request Forgery | Medium |
 | CWE-1270 | Generation of Incorrect Security Tokens | Medium |
 
-
-
 ## 🔑 Hint & Write Up
 
 * Try reading [Dojo-101](https://github.com/Aif4thah/Dojo-101), this project contains all you need to hack this app.
 
 * [Become a sponsor](https://github.com/sponsors/Aif4thah) and get access to the **full methodology** and **complete write-up**.
 
-
 ## ⬇️ Download
 
 ```PowerShell
 git clone https://github.com/Aif4thah/VulnerableLightApp.git
 cd .\VulnerableLightApp\
 ```
 
-
 ## 🔧🔥 Build and Run
 
 You can use **Dotnet** or **Docker**
@@ -135,10 +129,9 @@ Default : `127.0.0.1:3000`
 curl -k https://127.0.0.1:3000
 ```
 
+## 🛠️ Debug
 
-## 🛠️ Debug 
-
-### Dotnet install on Linux 
+### Dotnet install on Linux
 
 Ubuntu / Debian exemple
 
@@ -166,7 +159,6 @@ To trust the certificate
 dotnet dev-certs https --trust
 ```
 
-
 ### Dependancies
 
 dependancies have to be dowloaded from [standard sources](https://go.microsoft.com/fwlink/?linkid=848054)
@@ -175,7 +167,6 @@ dependancies have to be dowloaded from [standard sources](https://go.microsoft.c
 dotnet nuget add source "https://api.nuget.org/v3/index.json" --name "Microsoft"
 ```
 
-
 ## 💜 Crédits
 
 * **Special thanks to all the hackers and students who pushed me to improve this work**
