Back to directory
WRITEUP #5316

How I earned $1,500 in just 15 mins due to Amazon S3 bucket misconfiguration?

CloudAWS misconfiguration
by@protector47(Muhammad Asim Shahzad)
Bounty
1,500
Program
Dropbox
Published
Jun 16, 2019
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://web.archive.org/web/20201107231430/https://medium.com/@protector47/how-i-earned-1-500-in-just-15-mins-due-to-amazon-s3-bucket-misconfiguration-953b28242f95
RELATED WRITEUPS
The Hunt for ALBeast: A Technical Walkthrough
CloudAWS ALB
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
CloudOIDC
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD
CloudPrivilege escalation
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
CloudRCE
UnOAuthorized: Privilege Elevation Through Microsoft Applications
CloudPrivilege escalation

Built with ❤️ by Shubham Rawat