Here is Shaifullah Shaon (Black_EyE), an ethical hacker and white hat cyber security researcher from Bangladesh, reporting a serious [3rd ranking in OWASP] security vulnerability on your system.
I faced a technical security bug called "AWS open bucket on Box".
I know that box-files is used for file uploads of Box's urgent files, so I did a quick scan for similar buckets and found an open AWS bucket, as listed below. While I can't confirm whether you own it or not, it appears to be publicly writable using the AWS CLI.
I then exploited it. For further verification, you can see my video PoC, which is unlisted on my YouTube channel.
List of open AWS buckets:
When I tried to write to the open AWS bucket, I got:
However, when I write to the writable open AWS bucket, I get:
upload: .poc.html to s3://box-video/poc.html
PoC as video (unlisted): https://youtu.be/V_ADlpGVD_w
Hopefully the bucket is yours and this isn't a waste of time. If you do own it, the good news is that the bucket is not publicly readable and the file appears private by default after being written. However, assuming you own it, the security issue would be someone writing something malicious and someone on your team unknowingly opening it.
Note: This bucket was found by me as an open AWS bucket. Please resolve this issue. I hope that this is [treated as] a harmful vulnerability in your site and also for your team.
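A defender-side check for the condition described above, as an added example (not the researcher's code or Box's): it classifies a bucket ACL as publicly readable and/or publicly writable, on the assumption that the public grants come from the bucket ACL rather than a bucket policy, and returns the same ACL with those grants removed.

```python
# Added example (not from the original report): classify an S3 bucket ACL as
# publicly readable and/or publicly writable, then strip the public grants.
# The dict shape mirrors boto3's get_bucket_acl() response; SAMPLE_ACL is a
# constructed sample. Assumption: ACL-only check, bucket policies not inspected.
from typing import Dict

# Group URIs that make a grant "public": anonymous and any signed-in AWS user.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
READ_PERMS = {"READ", "FULL_CONTROL"}    # list/read objects
WRITE_PERMS = {"WRITE", "FULL_CONTROL"}  # put/delete objects


def is_public_grant(grant: Dict) -> bool:
    """True when the grantee is one of the global groups above."""
    grantee = grant.get("Grantee", {})
    return grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS


def public_exposure(acl: Dict) -> Dict[str, bool]:
    """Report whether the ACL grants public read and/or public write."""
    readable = writable = False
    for grant in acl.get("Grants", []):
        if not is_public_grant(grant):
            continue
        perm = grant.get("Permission")
        readable = readable or perm in READ_PERMS
        writable = writable or perm in WRITE_PERMS
    return {"public_read": readable, "public_write": writable}


def strip_public_grants(acl: Dict) -> Dict:
    """Return a new ACL with every public grant removed; the input is untouched."""
    return {**acl, "Grants": [g for g in acl.get("Grants", []) if not is_public_grant(g)]}


# Constructed sample: owner keeps full control, but the AllUsers group has WRITE.
# This is the state the report describes: writable by anyone, readable by no one.
SAMPLE_ACL = {
    "Owner": {"ID": "constructed-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "WRITE"},
    ],
}
```

In a live account, pass the result of `boto3.client("s3").get_bucket_acl(Bucket=name)` to `public_exposure`, apply the cleaned ACL with `put_bucket_acl`, and turn on S3 Block Public Access so such grants cannot be re-added.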