Back to directory
WRITEUP #5090

1-800-Flowers Credentials and message log leak via facebook.com/facebook

CloudAWS misconfiguration
by@phwd(Philippe Harewood)
Program
Meta / Facebook
Published
Oct 17, 2019
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://philippeharewood.com/1-800-flowers-credentials-and-message-log-leak-via-facebook-com-facebook/
RELATED WRITEUPS
The Hunt for ALBeast: A Technical Walkthrough
CloudAWS ALB
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
CloudOIDC
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD
CloudPrivilege escalation
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
CloudRCE
UnOAuthorized: Privilege Elevation Through Microsoft Applications
CloudPrivilege escalation

Built with ❤️ by Shubham Rawat