Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Amazon AWS S3 bucket takeover #776

Open
bright-security-dev bot opened this issue Dec 17, 2023 · 0 comments
Open

Amazon AWS S3 bucket takeover #776

bright-security-dev bot opened this issue Dec 17, 2023 · 0 comments

Comments

@bright-security-dev
Copy link

Amazon AWS S3 bucket takeover

Severity: High Discovered: 17 of December-2023, 09:32 PM UTC

CWE ID

CWE-284

CVSS

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

Target application contains a reference to an S3 bucket that no longer exists.
An attacker can register a new S3 bucket under the same original name.
The target application would use the new S3 bucket under the control of the attacker.
Attacker can populate the S3 bucket with malicious content or intercept legitimate traffic intended for the S3 bucket,
potentially leading to data theft or other malicious activities.

Possible exposure

Data breaches, Malware distribution, negatively impact reputation

Remediation suggestions

Remove unused S3 buckets reference URLs from code.

Request

GET http://brokencrystals.com/#faq-list-4 HTTP/1.1
Referer: http://brokencrystals.com/
accept-charset: 
accept: aaa 
Cookie: bc-calls-counter=1702840728532; connect.sid=z6-4hCQDphSNOL9X22qepI6EW4NhS5rp.BSX622Bk1Gi6eg2ig5Ogyo5lpUZGJOor9sLi8RLl7ls
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/106.0.5249.119 Safari/537.36
Accept-Encoding: identity
Content-Length: 0

Response

HTTP/1.1 200
Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 7465
Content-Type: text/html
Date: Sun, 17 Dec 2023 21:31:53 GMT
ETag: "65253d32-1d29"
Last-Modified: Tue, 10 Oct 2023 12:01:54 GMT

<!doctype html><html lang="en"><head><meta charset="utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="description" content="Broken Crystals"><meta name="author" content="farrza@neuralegion"><link rel="manifest" href="/api/config" charset="UTF-8"/><link rel="apple-touch-icon" sizes="57x57" href="/favicons/apple-icon-57x57.png"><link rel="apple-touch-icon" sizes="60x60" href="/favicons/apple-icon-60x60.png"><link rel="apple-touch-icon" sizes="72x72" href="/favicons/apple-icon-72x72.png"><link rel="apple-touch-icon" sizes="76x76" href="/favicons/apple-icon-76x76.png"><link rel="apple-touch-icon" sizes="114x114" href="/favicons/apple-icon-114x114.png"><link rel="apple-touch-icon" sizes="120x120" href="/favicons/apple-icon-120x120.png"><link rel="apple-touch-icon" sizes="144x144" href="/favicons/apple-icon-144x144.png"><link rel="apple-touch-icon" sizes="152x152" href="/favicons/apple-icon-152x152.png"><link rel="apple-touch-icon" sizes="180x180" href="/favicons/apple-icon-180x180.png"><link rel="icon" type="image/png" sizes="192x192" href="/favicons/android-icon-192x192.png"><link rel="icon" type="image/png" sizes="32x32" href="/favicons/favicon-32x32.png"><link rel="icon" type="image/png" sizes="96x96" href="/favicons/favicon-96x96.png"><link rel="icon" type="image/png" sizes="16x16" href="/favicons/favicon-16x16.png"><meta name="msapplication-TileColor" content="#ffffff"><meta name="msapplication-TileImage" content="/favicons/ms-icon-144x144.png"><meta name="theme-color" content="#ffffff"/><meta name="insight-app-sec-validation" content="38936a45-0c2c-4f3c-89c0-a26817f2a5a8"><script id="config" type="application/json" src="/api/config"></script><link rel="manifest" href="/manifest.json"/><title>Broken Crystals</title><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i|Roboto:300,300i,400,400i,500,500i,600,600i,700,700i|Poppins:300,300i,400,400i,500,500i,600,600i,700,700i" rel="stylesheet"><link href="assets/vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet"><link href="assets/vendor/icofont/icofont.min.css" rel="stylesheet"><link href="assets/vendor/boxicons/css/boxicons.min.css" rel="stylesheet"><link href="assets/vendor/owl.carousel/assets/owl.carousel.min.css" rel="stylesheet"><link href="assets/vendor/venobox/venobox.css" rel="stylesheet"><link href="assets/vendor/aos/aos.css" rel="stylesheet"><link href="assets/css/style.css" rel="stylesheet"><link href="vendor/font-awesome-4.7/css/font-awesome.min.css" rel="stylesheet" media="all"><link href="vendor/font-awesome-5/css/fontawesome-all.min.css" rel="stylesheet" media="all"><link href="vendor/mdi-font/css/material-design-iconic-font.min.css" rel="stylesheet" media="all"><link href="vendor/animsition/animsition.min.css" rel="stylesheet" media="all"><link href="vendor/bootstrap-progressbar/bootstrap-progressbar-3.3.4.min.css" rel="stylesheet" media="all"><link href="vendor/wow/animate.css" rel="stylesheet" media="all"><link href="vendor/css-hamburgers/hamburgers.min.css" rel="stylesheet" media="all"><link href="vendor/slick/slick.css" rel="stylesheet" media="all"><link href="vendor/select2/select2.min.css" rel="stylesheet" media="all"><link href="vendor/perfect-scrollbar/perfect-scrollbar.css" rel="stylesheet" media="all"><link href="css/theme.css" rel="stylesheet" media="all"><link href="/static/css/2.50d7ef31.chunk.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div><script src="assets/vendor/jquery/jquery.min.js"></script><script src="assets/vendor/bootstrap/js/bootstrap.bundle.min.js"></script><script src="assets/vendor/jquery.easing/jquery.easing.min.js"></script><script src="assets/vendor/waypoints/jquery.waypoints.min.js"></script><script src="assets/vendor/counterup/counterup.min.js"></script><script src="assets/vendor/owl.carousel/owl.carousel.min.js"></script><script src="assets/vendor/isotope-layout/isotope.pkgd.min.js"></script><script src="assets/vendor/venobox/venobox.min.js"></script><script src="assets/vendor/aos/aos.js"></script><script src="assets/js/main.js"></script><script src="vendor/jquery-3.2.1.min.js"></script><script src="vendor/bootstrap-4.1/popper.min.js"></script><script src="vendor/bootstrap-4.1/bootstrap.min.js"></script><script src="vendor/slick/slick.min.js"></script><script src="vendor/wow/wow.min.js"></script><script src="vendor/animsition/animsition.min.js"></script><script src="vendor/bootstrap-progressbar/bootstrap-progressbar.min.js"></script><script src="vendor/counter-up/jquery.waypoints.min.js"></script><script src="vendor/counter-up/jquery.counterup.min.js"></script><script src="vendor/circle-progress/circle-progress.min.js"></script><script src="vendor/perfect-scrollbar/perfect-scrollbar.js"></script><script src="vendor/chartjs/Chart.bundle.min.js"></script><script src="vendor/select2/select2.min.js"></script><script src="js/main.js"></script><script>!function(e){function r(r){for(var n,a,i=r[0],c=r[1],l=r[2],s=0,p=[];s<i.length;s++)a=i[s],Object.prototype.hasOwnProperty.call(o,a)&&o[a]&&p.push(o[a][0]),o[a]=0;for(n in c)Object.prototype.hasOwnProperty.call(c,n)&&(e[n]=c[n]);for(f&&f(r);p.length;)p.shift()();return u.push.apply(u,l||[]),t()}function t(){for(var e,r=0;r<u.length;r++){for(var t=u[r],n=!0,i=1;i<t.length;i++){var c=t[i];0!==o[c]&&(n=!1)}n&&(u.splice(r--,1),e=a(a.s=t[0]))}return e}var n={},o={1:0},u=[];function a(r){if(n[r])return n[r].exports;var t=n[r]={i:r,l:!1,exports:{}};return e[r].call(t.exports,t,t.exports,a),t.l=!0,t.exports}a.e=function(e){var r=[],t=o[e];if(0!==t)if(t)r.push(t[2]);else{var n=new Promise((function(r,n){t=o[e]=[r,n]}));r.push(t[2]=n);var u,i=document.createElement("script");i.charset="utf-8",i.timeout=120,a.nc&&i.setAttribute("nonce",a.nc),i.src=function(e){return a.p+"static/js/"+({}[e]||e)+"."+{3:"4c133f0f"}[e]+".chunk.js"}(e);var c=new Error;u=function(r){i.onerror=i.onload=null,clearTimeout(l);var t=o[e];if(0!==t){if(t){var n=r&&("load"===r.type?"missing":r.type),u=r&&r.target&&r.target.src;c.message="Loading chunk "+e+" failed.\n("+n+": "+u+")",c.name="ChunkLoadError",c.type=n,c.request=u,t[1](c)}o[e]=void 0}};var l=setTimeout((function(){u({type:"timeout",target:i})}),12e4);i.onerror=i.onload=u,document.head.appendChild(i)}return Promise.all(r)},a.m=e,a.c=n,a.d=function(e,r,t){a.o(e,r)||Object.defineProperty(e,r,{enumerable:!0,get:t})},a.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},a.t=function(e,r){if(1&r&&(e=a(e)),8&r)return e;if(4&r&&"object"==typeof e&&e&&e.__esModule)return e;var t=Object.create(null);if(a.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:e}),2&r&&"string"!=typeof e)for(var n in e)a.d(t,n,function(r){return e[r]}.bind(null,n));return t},a.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return a.d(r,"a",r),r},a.o=function(e,r){return Object.prototype.hasOwnProperty.call(e,r)},a.p="/",a.oe=function(e){throw console.error(e),e};var i=this["webpackJsonpreact-broken-crystals"]=this["webpackJsonpreact-broken-crystals"]||[],c=i.push.bind(i);i.push=r,i=i.slice();for(var l=0;l<i.length;l++)r(i[l]);var f=c;t()}([])</script><script src="/static/js/2.e31297e0.chunk.js"></script><script src="/static/js/main.d0e39dc9.chunk.js"></script></body></html>

External links

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

0 participants