Amazon AWS S3 bucket takeover #231

Open
bright-security bot opened this issue Jul 9, 2023 · 0 comments

Amazon AWS S3 bucket takeover

Severity: High. Discovered: 9 July 2023, 12:34 PM

CWE ID

CWE-284

CVSS

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

The target application contains a reference to an S3 bucket that no longer exists.
Because S3 bucket names are global and released names can be re-registered, an attacker could create a new bucket under the same name.
The target application would then use this new bucket, now under the attacker's control.
The attacker could populate the bucket with malicious content or receive legitimate traffic intended for the original bucket,
potentially leading to data theft or other malicious activity.

Possible exposure

Data breaches, malware distribution, reputational damage.

Remediation suggestions

Remove references to unused S3 bucket URLs from the code, so that the dangling bucket name can no longer be resolved by the application.

Request

GET https://brokencrystals.com/?email=&message=NexPloitData&name=gadi&subject=abc8d5c8968 HTTP/1.1
Referer: https://brokencrystals.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/106.0.5249.119 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: identity
cookie: connect.sid=_xsSLLdWq-YvBh-XproHDV0vIAjimNLK.OUg14u%2BnoJdtj99UTQFk9DN2bK%2BVVwkaMRy1Y6NG61c; bc-calls-counter=1688905982959
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-origin
sec-fetch-user: ?1
authorization: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyIjoiYWRtaW4iLCJleHAiOjE2ODczMzg5MDB9.Tct-MaLY5LU49s0IR6i-ydQtnG32Hw3OqxD06fu5fZWagWbo2ICsDOPQTKvSPrvZB1c0LzdsEKD_OVzic6KoJ88PvXIuUgh5nHq11q6baEocW8R9yxQjpCDH6rWu90GWeV-X9OgZewVTTWvSIrPL23UE7axbwoh0yQZJOVP4pRLZC85VRVgzUABTY-mk2sxJtu824r3wZBc7mK5rCooW1E88EcZ15UVWBwXjGDZy28ziFTfx1MtMmN13bm9_sQlhnXLd6B1KP_Fb-RlnfByoCXRd7kowwRIZbUqHXwaOHDTnP6uogeeTlT0KNrmaJZoWWmYpmlCbw1KdLiqjWnU2UrqMa9A1fCbuZQf5192NnPE-Htz3y3k_BEScMCg2rKr8jDGIREZxvajRgIcNWUDsgKSrSNGyR6o-iAMOXkvY58LU7W6ERuWYaw7ulUqdY2MNAYOHmQdQF3SML-Ng2bkIHvuiWa_gLVRW75fJypzLz3Cpi6gz8M-OF2hR1t7d8u0xBjjCGfJUTte6oa7Qip5S_K8taxMTyBzYaSgZt6NWgXKiX8j9XDEy8Sr-GITRPAElzOMj-ezTBdvxWc8-C4xt00JVspiewPCFvlu6gbh8GyoGftgXHcdaXDvQoqk2rc44cnJ1NPayuT-Y7qb5DaMn-YWVrtNtELRdJyzVD-lmtsw
Content-Length: 0

Response

HTTP/1.1 200
accept-ranges: bytes
content-length: 7465
content-type: text/html
date: Sun, 09 Jul 2023 12:34:17 GMT
etag: "646aed20-1d29"
last-modified: Mon, 22 May 2023 04:18:40 GMT

<!doctype html><html lang="en"><head><meta charset="utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="description" content="Broken Crystals"><meta name="author" content="farrza@neuralegion"><link rel="manifest" href="/api/config" charset="UTF-8"/><link rel="apple-touch-icon" sizes="57x57" href="/favicons/apple-icon-57x57.png"><link rel="apple-touch-icon" sizes="60x60" href="/favicons/apple-icon-60x60.png"><link rel="apple-touch-icon" sizes="72x72" href="/favicons/apple-icon-72x72.png"><link rel="apple-touch-icon" sizes="76x76" href="/favicons/apple-icon-76x76.png"><link rel="apple-touch-icon" sizes="114x114" href="/favicons/apple-icon-114x114.png"><link rel="apple-touch-icon" sizes="120x120" href="/favicons/apple-icon-120x120.png"><link rel="apple-touch-icon" sizes="144x144" href="/favicons/apple-icon-144x144.png"><link rel="apple-touch-icon" sizes="152x152" href="/favicons/apple-icon-152x152.png"><link rel="apple-touch-icon" sizes="180x180" href="/favicons/apple-icon-180x180.png"><link rel="icon" type="image/png" sizes="192x192" href="/favicons/android-icon-192x192.png"><link rel="icon" type="image/png" sizes="32x32" href="/favicons/favicon-32x32.png"><link rel="icon" type="image/png" sizes="96x96" href="/favicons/favicon-96x96.png"><link rel="icon" type="image/png" sizes="16x16" href="/favicons/favicon-16x16.png"><meta name="msapplication-TileColor" content="#ffffff"><meta name="msapplication-TileImage" content="/favicons/ms-icon-144x144.png"><meta name="theme-color" content="#ffffff"/><meta name="insight-app-sec-validation" content="38936a45-0c2c-4f3c-89c0-a26817f2a5a8"><script id="config" type="application/json" src="/api/config"></script><link rel="manifest" href="/manifest.json"/><title>Broken Crystals</title><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i|Roboto:300,300i,400,400i,500,500i,600,600i,700,700i|Poppins:300,300i,400,400i,500,500i,600,600i,700,700i" 
rel="stylesheet"><link href="assets/vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet"><link href="assets/vendor/icofont/icofont.min.css" rel="stylesheet"><link href="assets/vendor/boxicons/css/boxicons.min.css" rel="stylesheet"><link href="assets/vendor/owl.carousel/assets/owl.carousel.min.css" rel="stylesheet"><link href="assets/vendor/venobox/venobox.css" rel="stylesheet"><link href="assets/vendor/aos/aos.css" rel="stylesheet"><link href="assets/css/style.css" rel="stylesheet"><link href="vendor/font-awesome-4.7/css/font-awesome.min.css" rel="stylesheet" media="all"><link href="vendor/font-awesome-5/css/fontawesome-all.min.css" rel="stylesheet" media="all"><link href="vendor/mdi-font/css/material-design-iconic-font.min.css" rel="stylesheet" media="all"><link href="vendor/animsition/animsition.min.css" rel="stylesheet" media="all"><link href="vendor/bootstrap-progressbar/bootstrap-progressbar-3.3.4.min.css" rel="stylesheet" media="all"><link href="vendor/wow/animate.css" rel="stylesheet" media="all"><link href="vendor/css-hamburgers/hamburgers.min.css" rel="stylesheet" media="all"><link href="vendor/slick/slick.css" rel="stylesheet" media="all"><link href="vendor/select2/select2.min.css" rel="stylesheet" media="all"><link href="vendor/perfect-scrollbar/perfect-scrollbar.css" rel="stylesheet" media="all"><link href="css/theme.css" rel="stylesheet" media="all"><link href="/static/css/2.50d7ef31.chunk.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div><script src="assets/vendor/jquery/jquery.min.js"></script><script src="assets/vendor/bootstrap/js/bootstrap.bundle.min.js"></script><script src="assets/vendor/jquery.easing/jquery.easing.min.js"></script><script src="assets/vendor/waypoints/jquery.waypoints.min.js"></script><script src="assets/vendor/counterup/counterup.min.js"></script><script src="assets/vendor/owl.carousel/owl.carousel.min.js"></script><script 
src="assets/vendor/isotope-layout/isotope.pkgd.min.js"></script><script src="assets/vendor/venobox/venobox.min.js"></script><script src="assets/vendor/aos/aos.js"></script><script src="assets/js/main.js"></script><script src="vendor/jquery-3.2.1.min.js"></script><script src="vendor/bootstrap-4.1/popper.min.js"></script><script src="vendor/bootstrap-4.1/bootstrap.min.js"></script><script src="vendor/slick/slick.min.js"></script><script src="vendor/wow/wow.min.js"></script><script src="vendor/animsition/animsition.min.js"></script><script src="vendor/bootstrap-progressbar/bootstrap-progressbar.min.js"></script><script src="vendor/counter-up/jquery.waypoints.min.js"></script><script src="vendor/counter-up/jquery.counterup.min.js"></script><script src="vendor/circle-progress/circle-progress.min.js"></script><script src="vendor/perfect-scrollbar/perfect-scrollbar.js"></script><script src="vendor/chartjs/Chart.bundle.min.js"></script><script src="vendor/select2/select2.min.js"></script><script src="js/main.js"></script><script>!function(e){function r(r){for(var n,a,i=r[0],c=r[1],l=r[2],f=0,p=[];f<i.length;f++)a=i[f],Object.prototype.hasOwnProperty.call(o,a)&&o[a]&&p.push(o[a][0]),o[a]=0;for(n in c)Object.prototype.hasOwnProperty.call(c,n)&&(e[n]=c[n]);for(s&&s(r);p.length;)p.shift()();return u.push.apply(u,l||[]),t()}function t(){for(var e,r=0;r<u.length;r++){for(var t=u[r],n=!0,i=1;i<t.length;i++){var c=t[i];0!==o[c]&&(n=!1)}n&&(u.splice(r--,1),e=a(a.s=t[0]))}return e}var n={},o={1:0},u=[];function a(r){if(n[r])return n[r].exports;var t=n[r]={i:r,l:!1,exports:{}};return e[r].call(t.exports,t,t.exports,a),t.l=!0,t.exports}a.e=function(e){var r=[],t=o[e];if(0!==t)if(t)r.push(t[2]);else{var n=new Promise((function(r,n){t=o[e]=[r,n]}));r.push(t[2]=n);var u,i=document.createElement("script");i.charset="utf-8",i.timeout=120,a.nc&&i.setAttribute("nonce",a.nc),i.src=function(e){return a.p+"static/js/"+({}[e]||e)+"."+{3:"973f3222"}[e]+".chunk.js"}(e);var c=new 
Error;u=function(r){i.onerror=i.onload=null,clearTimeout(l);var t=o[e];if(0!==t){if(t){var n=r&&("load"===r.type?"missing":r.type),u=r&&r.target&&r.target.src;c.message="Loading chunk "+e+" failed.\n("+n+": "+u+")",c.name="ChunkLoadError",c.type=n,c.request=u,t[1](c)}o[e]=void 0}};var l=setTimeout((function(){u({type:"timeout",target:i})}),12e4);i.onerror=i.onload=u,document.head.appendChild(i)}return Promise.all(r)},a.m=e,a.c=n,a.d=function(e,r,t){a.o(e,r)||Object.defineProperty(e,r,{enumerable:!0,get:t})},a.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},a.t=function(e,r){if(1&r&&(e=a(e)),8&r)return e;if(4&r&&"object"==typeof e&&e&&e.__esModule)return e;var t=Object.create(null);if(a.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:e}),2&r&&"string"!=typeof e)for(var n in e)a.d(t,n,function(r){return e[r]}.bind(null,n));return t},a.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return a.d(r,"a",r),r},a.o=function(e,r){return Object.prototype.hasOwnProperty.call(e,r)},a.p="/",a.oe=function(e){throw console.error(e),e};var i=this["webpackJsonpreact-broken-crystals"]=this["webpackJsonpreact-broken-crystals"]||[],c=i.push.bind(i);i.push=r,i=i.slice();for(var l=0;l<i.length;l++)r(i[l]);var s=c;t()}([])</script><script src="/static/js/2.15e484a3.chunk.js"></script><script src="/static/js/main.9e44b974.chunk.js"></script></body></html>
