WRITEUP #2014

Misconfigured AWS S3 Bucket (Information Disclosure & Subdomain Takeover)

CloudAWS misconfiguration

by@gkhck_(Gokhan Guzelkokar)

Bounty

1,000

Program

Published

Oct 27, 2022

Added to HackDex

Oct 28, 2022

Read Full Writeuphttps://medium.com/@gguzelkokar.mdbf15/hatal%C4%B1-yap%C4%B1land%C4%B1r%C4%B1lm%C4%B1%C5%9F-aws-s3-bucket-%C3%BCzerinde-bulunan-g%C3%BCvenlik-a%C3%A7%C4%B1%C4%9F%C4%B1n%C4%B1n-yaratt%C4%B1%C4%9F%C4%B1-etkiler-cb073179360d

▸ RELATED WRITEUPS

The Hunt for ALBeast: A Technical Walkthrough

CloudAWS ALB

Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess

CloudOIDC

Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD

CloudPrivilege escalation

Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources

CloudRCE

UnOAuthorized: Privilege Elevation Through Microsoft Applications

CloudPrivilege escalation

Built with ❤️ by Shubham Rawat