The way that businesses handle their IT infrastructure has significantly changed as a result of the growth of cloud computing. A growing number of businesses are turning to cloud-based solutions because of their scalability, efficiency, and dependability. But there are potential risks and difficulties that must be handled, just like with any technology.

Let's first go over some details on cloud S3 bucket misconfiguration.
A common cloud storage option offered by Amazon Web Services (AWS) is S3 buckets. They make it possible for businesses to store and retrieve vast volumes of data, including user information, photos, and videos. However, S3 buckets might be exposed to unauthorised access and data leaks if they are not set up properly.
In order to give users personalised matches and experiences, dating sites rely mainly on user data. They keep a tonne of private information, such as conversation logs, photos, and personal data. The users and the business might suffer severe repercussions if this data were to end up in the wrong hands.
Now let's get back to the blog.
I just began looking for bugs on dating websites, and in this case, I discovered a file upload feature on one website.
Now I'm trying to upload an SVG file. However, after a few attempts, I believe changing the file extension or attempting a double extension will work. I tried to get past the protection by uploading any file and capturing the request, but luck is not on my side. I finally succeeded in uploading a regular image file.

The file has been uploaded, and I can see a link to open it on this website.
So I believe the function works. Let's open the link now and copy it into Burp.

Now, when I look at the AWS cloud URL, you can see that cloud access has been blocked. The name of the cloud bucket is similar to the website's name followed by "data", as in (websitedata).
So that you can see, the cloud gives me a permanent redirect error and a new cloud bucket endpoint link when I try to remove "data" from the name.
I'm now attempting to open the link. The bucket is evidently open. Go to the Kali machine now, launch the AWS CLI, and run it.

Run this command now:
aws s3 ls s3://bucketname --no-sign-request
The bucket listing is now visible.

Let's try adding a file to this bucket now.
Execute this command:
aws s3 cp HACKED.svg s3://bucketname --no-sign-request

BOOM 💥 you can see the SVG file is successfully uploaded.
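What makes the two commands above succeed without credentials is a bucket policy (or legacy ACL) that grants list and write actions to the anonymous principal. As an added example that is not part of the original post, the Python below evaluates a bucket policy document offline and reports every Allow statement that hands a write or list action to "*", placing a constructed public-write policy beside its corrected read-only form. The bucket name websitedata is taken from the post as a placeholder; the policy contents, the RISKY_ACTIONS list and the function names are assumptions of this example, and legacy ACL grants are not covered.

```python
import fnmatch
import json

# Constructed example policies (not taken from the post). The first is the
# kind of policy that lets `aws s3 ls` and `aws s3 cp` succeed with
# --no-sign-request: list and write actions are granted to the anonymous
# principal "*".
PUBLIC_WRITE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicReadWrite",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::websitedata", "arn:aws:s3:::websitedata/*"],
    }],
})

# Corrected policy: anonymous callers may fetch individual objects (often
# needed when the bucket backs a public image URL) but cannot list the
# bucket or write to it.
PUBLIC_READ_ONLY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicReadObjects",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::websitedata/*",
    }],
})

# Actions that should never be granted to "*" on a bucket holding user data
# (assumed list for this example).
RISKY_ACTIONS = ("s3:PutObject", "s3:DeleteObject", "s3:PutObjectAcl", "s3:ListBucket")


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"}, the two anonymous spellings."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def public_findings(policy_json):
    """Return (Sid, risky action, has_condition) for every Allow statement that
    grants a write or list action to anonymous principals. Policy actions may
    be wildcards such as "s3:*" or "s3:Put*", so each is matched as a pattern.
    A statement carrying a Condition block is still reported, flagged True,
    because the condition may or may not actually restrict the grant."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        conditioned = bool(stmt.get("Condition"))
        sid = stmt.get("Sid", "<no Sid>")
        for pattern in _as_list(stmt.get("Action")):
            for risky in RISKY_ACTIONS:
                if fnmatch.fnmatchcase(risky.lower(), pattern.lower()):
                    findings.append((sid, risky, conditioned))
    return findings


def is_anonymously_writable(policy_json):
    """True when some unconditional finding involves a write action."""
    return any(action != "s3:ListBucket" and not cond
               for _, action, cond in public_findings(policy_json))


if __name__ == "__main__":
    for name, pol in (("public-write", PUBLIC_WRITE_POLICY),
                      ("read-only", PUBLIC_READ_ONLY_POLICY)):
        print(name, public_findings(pol), "writable:", is_anonymously_writable(pol))
```

Running the script reports PutObject and ListBucket for the first policy and nothing for the second. On a real account the simpler control is S3 Block Public Access at the account level, which rejects such policies when they are applied; a checker like this is for auditing policies that already exist.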
Now open the web browser and open the SVG file.
The XSS is successfully triggered😉
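The upload feature earlier in the post rejected SVG by extension, and the bucket accepted it with no check at all. As an added example that is not part of the original post, the Python below shows the check a defender would run on every upload regardless of which path it arrives by: sniff the real content type from the leading bytes (so a double extension such as photo.svg.png is caught), and for SVG parse the XML and list active-content constructs (script elements, on* event handlers, javascript: hrefs). The sample files, the handler() placeholder and all function names are constructed for this example.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample uploads (not files from the post). ACTIVE_SVG carries the
# two things an image must never contain: an event-handler attribute and a
# <script> element. The handler bodies are placeholders, not real payloads.
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
              b'<circle cx="5" cy="5" r="4"/></svg>')
ACTIVE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="handler()">'
              b'<script>handler()</script></svg>')
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # PNG signature plus padding

# SVG elements that can carry script or arbitrary HTML (assumed list).
ACTIVE_ELEMENTS = {"script", "foreignObject"}
EXT_TO_KIND = {".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif", ".svg": "svg"}


def sniff(data):
    """Identify the upload by its leading bytes, ignoring the file name."""
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data.startswith((b"GIF87a", b"GIF89a")):
        return "gif"
    if data.lstrip().startswith(b"<"):
        return "svg"  # XML-like text; svg_findings confirms the root element
    return "unknown"


def _local(tag):
    """Strip the {namespace} prefix ElementTree puts on tag and attribute names."""
    return tag.rsplit("}", 1)[-1]


def svg_findings(data):
    """List the active-content constructs found in an SVG document."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if _local(root.tag) != "svg":
        return [f"root element is <{_local(root.tag)}>, not <svg>"]
    findings = []
    for el in root.iter():  # root first, then every descendant
        name = _local(el.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(f"<{name}> element")
        for attr, value in el.attrib.items():
            aname = _local(attr)
            if aname.lower().startswith("on"):
                findings.append(f"event handler attribute {aname} on <{name}>")
            elif aname == "href" and value.strip().lower().startswith("javascript:"):
                findings.append(f"javascript: URL in href on <{name}>")
    return findings


def upload_findings(filename, data):
    """Combine the content sniff with the declared extension; an empty list
    means the upload is what it claims to be and contains no active content."""
    ext = os.path.splitext(filename)[1].lower()  # "photo.svg.png" -> ".png"
    kind = sniff(data)
    findings = []
    if EXT_TO_KIND.get(ext) != kind:
        findings.append(f"extension {ext or '<none>'} does not match sniffed content type {kind}")
    if kind == "svg":
        findings.extend(svg_findings(data))
    return findings


if __name__ == "__main__":
    for fname, blob in (("avatar.png", PNG_BYTES), ("photo.svg.png", ACTIVE_SVG),
                        ("logo.svg", BENIGN_SVG)):
        print(fname, upload_findings(fname, blob) or "ok")
```

The checker does not try to sanitise; an upload with findings should simply be rejected. Even a clean SVG is safest served from a separate origin or with Content-Disposition: attachment, so that a file the browser renders inline never runs in the application's own origin, which is the condition the post's final step depends on.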
Hoping you all find this beneficial.
Happy hacking!