Back to directory
WRITEUP #3437

How @Mailru traeted my report on their program

CloudAWS misconfiguration
by@Yukusawa18(Aý Oùb)
Bounty
150
Program
Mail.ru
Published
Sep 3, 2021
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://aob-89072.medium.com/how-mailru-handled-with-my-report-on-their-program-5e1f587ecaa
RELATED WRITEUPS
The Hunt for ALBeast: A Technical Walkthrough
CloudAWS ALB
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
CloudOIDC
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD
CloudPrivilege escalation
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
CloudRCE
UnOAuthorized: Privilege Elevation Through Microsoft Applications
CloudPrivilege escalation

Built with ❤️ by Shubham Rawat