Hello readers :)
Let me introduce myself. I am a noob script kiddie trying my luck at bug bounty :) I have also played CTFs for almost 3 years now…. Before going directly to the finding, I would like to tell you my thought process of how I ended up getting this in the first place 🤔
I was attempting the Mercer-Mettl Cybersecurity Hackathon, where I ended up 2nd runner-up. There was a challenge that involved a misconfigured AWS S3 bucket, where we had read access and one could download the contents of the S3 bucket using the AWS CLI tool, after configuring the aws tool, using this:
aws s3 ls --summarize --human-readable --recursive s3://<BucketName> --no-sign-request
This could happen in real life too, if the creator of the S3 bucket is unaware of the permissions or forgets to check them...
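As an added, defender-side example (my own code, not from the post or from the Lazys3 tool): an audit function over the shapes boto3's get_bucket_acl()["Grants"] and a JSON-decoded get_bucket_policy() document take, flagging exactly the ACL grants and policy statements that let the unsigned listing above succeed. The ACL and policy documents below are constructed samples.

```python
# Added example: flag the S3 ACL grants and bucket-policy statements that let an
# unsigned "aws s3 ls --no-sign-request" list a bucket. Inputs follow the shapes of
# boto3 get_bucket_acl()["Grants"] and a json-decoded get_bucket_policy() document.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
LIST_ACTIONS = {"s3:listbucket", "s3:*", "*"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_is_everyone(principal):
    # Both 'Principal': '*' and 'Principal': {'AWS': '*'} mean anonymous access.
    return principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))

def public_listing_findings(acl_grants, bucket_policy):
    """Return human-readable reasons why anyone on the internet can list the bucket."""
    findings = []
    for grant in acl_grants:  # legacy ACL path: READ on the bucket == ListBucket
        grantee = grant.get("Grantee", {})
        if (grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS
                and grant.get("Permission") in ("READ", "FULL_CONTROL")):
            findings.append(f"ACL grants {grant['Permission']} to {grantee['URI']}")
    for stmt in _as_list(bucket_policy.get("Statement", [])):  # bucket policy path
        if stmt.get("Effect") != "Allow" or not _principal_is_everyone(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if actions & LIST_ACTIONS:
            note = " (has a Condition; review it)" if stmt.get("Condition") else ""
            findings.append(f"policy statement {stmt.get('Sid', '<no Sid>')} "
                            f"allows {sorted(actions)} to everyone{note}")
    return findings

# Constructed samples: an open bucket like the one in the write-up, and a private one.
OPEN_ACL = [{"Grantee": {"Type": "Group",
                         "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
             "Permission": "READ"}]
OPEN_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicList", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:ListBucket", "s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket"}]}
PRIVATE_ACL = [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"}]
PRIVATE_POLICY = {"Version": "2012-10-17", "Statement": []}

if __name__ == "__main__":
    for name, acl, policy in (("open", OPEN_ACL, OPEN_POLICY), ("private", PRIVATE_ACL, PRIVATE_POLICY)):
        print(name, public_listing_findings(acl, policy) or ["no public listing grant found"])
```

Enabling S3 Block Public Access on the account or bucket is the one-click fix the post refers to; this check is for catching the grants before that setting is turned on, or on accounts where it is not.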
Now I started looking for S3 buckets. I started looking for proofs of concept and tutorials on the Internet (I don't always watch tutorials; I prefer self-learning).
I ended up finding a video that demonstrated the use of the Lazys3 tool by Nahamsec.
Now I thought this seemed promising to test on websites and companies. I saw that the response in the video gave 200 OK, but I thought it must have been fixed by now, since the video was years old.
When I tried it, to my surprise it still gave status code 200 😱
Then I tried to apply what I learned from the CTF challenge 😈 responsibly…
I got directories like cashreceipts/ and profilePhotos/ with gigs of data exposed on the internet. The count of profile photos kept increasing as people logged in.
And I found that the company had a private self-hosted bug bounty program…
I was like: I reported the bug...
Got a response within 12 hrs: they would review it and come back in 3 working days… I was like ok …
Then, after 3 days, they reached out to me saying it had already been reported by another researcher (duplicate).
I was really surprised and worried about the company's security: such a critical, one-click-fix bug that exposed the whole data of the company had been left open and exposed… for so long..
I waited for a fix… After 7 days of waiting, I was really worried about the bug.
At this point, I was more concerned than the company about the customers' PII leak, which could potentially lead to a data breach 🤣
I reached out to the CTO of the company on LinkedIn; that's peak, I know… At this point, it wasn't about money; as a responsible ethical hacker, I approached him about this severe bug, publicly exposed for I don't know how many years, since the video was more than 2 years old. About a million and counting users' data was exposed…
I forwarded the details as he asked and they fixed it in 1 day, stating it had been reported a few days back 🤔🤔
Which is really impossible, but anyway, it's fixed!
Anyway, that was it from my side. Hope you liked this, whatever it was…
This was my first time writing on Medium, so I'm open to criticism :) …
Drop your views on this 😀
If this goes well, I will start blogging my other findings as well...
Up next blog: How I got my $$$ bounty (soon :)
LinkedIn: https://www.linkedin.com/in/yash-somalkar-337957227
X: https://x.com/RuDrAkShacker
Thanks again for reading till this point!