
Amazon AWS S3 bucket takeover #709

Open
bright-security-dev bot opened this issue Oct 5, 2023 · 0 comments

Comments

@bright-security-dev

Amazon AWS S3 bucket takeover

Severity: High
Discovered: 05 October 2023, 12:44 PM

CWE ID

CWE-284

CVSS

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

The target application contains a reference to an S3 bucket that no longer exists.
An attacker can register a new S3 bucket under the same original name.
The target application would then use the new S3 bucket, which is under the attacker's control.
The attacker can populate the S3 bucket with malicious content or intercept legitimate traffic intended for the S3 bucket, potentially leading to data theft or other malicious activities.

Possible exposure

Data breaches, malware distribution, negative impact on reputation

Remediation suggestions

Remove references to unused S3 bucket URLs from the code.

Request

GET http://brokencrystals.com/x HTTP/1.1
Referer: http://brokencrystals.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/106.0.5249.119 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: identity
Connection: keep-alive
Cookie: connect.sid=s7PbnouU7SPIHR5jQwkVW5CaVOKFNrQE.2BK2w9P0mU67K1NxCqAXx8oCKyHIElbbt8U5oSO8lFE; bc-calls-counter=1696506324718; _csrf=iDr4FanBxSdS4ivl%2Fj6qcfjeQ8%2F9pKFT
Host: brokencrystals.com
Content-Length: 0

Response

HTTP/1.1 200
Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 7465
Content-Type: text/html
Date: Thu, 05 Oct 2023 12:44:01 GMT
ETag: "64d248ac-1d29"
Last-Modified: Tue, 08 Aug 2023 13:52:44 GMT

