Hello guys, I would like to share this report, which was reported to a private program on HackerOne.
Summary
I discovered an S3 bucket and tested it with the AWS command-line tool on Linux. It looks like the permissions are not well configured and allow access to raw files.
First, you need to have an AWS account and configure the access token and secret token.
Sometimes, when someone creates S3 buckets, they don't restrict the READ and WRITE permissions on the bucket.
Bucket name: cdn.Example.com
2- aws s3api list-objects --bucket cdn.Example.com
3- Found some raw files and PGP files for the integrity check
After that, I decided to download the raw files and try to mount them.
wget cdn.example.com/imagename.raw.gz
Time to mount the images and show the real impact.
The next thing needed is to attach image.raw to a loop device.
After that, I submitted the evidence, and the report was triaged
and rewarded $$$.
Thanks for reading my write-up.