Operation and Maintenance
Safety
AWS S3 bucket misconfiguration - millions of personal information exposed
AWS S3 bucket misconfiguration - millions of personal information exposed
1. The misconfiguration of AWS S3 bucket caused millions of personal information (PII) to be obtained
At first, when I tested the target website, I did not find it For any high-risk vulnerabilities, after nearly an hour of detection and analysis, I found that there are some insignificant IDOR and XSS vulnerabilities, but no high-risk vulnerabilities. Just when I was about to give up, I discovered that the target website used the Amazon Cloudfront service to store public images, and its storage URL link looked like the following:
https://d3ez8in977xyz.cloudfront.net/avatars /009afs8253c47248886d8ba021fd411f.jpg
At first, I thought this was just an open online data service. I casually visited the https://d3ez8in977xyz.cloudfront.net website and found that it Some public picture files were stored, but..., I was surprised to find that in addition to these picture files, some sensitive personal data information was also stored, such as: voice chat content, audio call content, text message content and other users Privacy document.
What’s terrible is that the contents stored in these sensitive files are almost all conversational information between patients and doctors.
Since different domain names of the company correspond to different AWS buckets, I turned to discover the public image storage of other domain names. Sure enough, each of its corresponding buckets stored thousands of personal data information. , I didn’t do any specific calculations at the time, but later I learned that the company’s customers numbered in the millions. The following is an illustration containing personal information:
After I reported it to the target company in time, they promptly repaired it within an hour and rewarded me Got me a reward of $2500 and $500.
2. The administrator account with login access led to the leakage of business partner company details
This is a multinational company's website, and there is a stored XSS in it, so I obtained the website's Administrator account token and in-depth testing obtained detailed information of the company's partner companies.
I discovered a stored XSS vulnerability in the data format page of the company's website. The formatted data was stored in the local administrator account, so I used XSSHunter's built-in payload to trigger a rebound. After the operator triggered the Payload, he would send me the data I wanted:
After reporting the vulnerability, I received a $1,250 reward.
Recommended related articles and tutorials: Web server security
The above is the detailed content of AWS S3 bucket misconfiguration - millions of personal information exposed. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1653
14
1413
52
1306
25
1251
29
1224
24
Unable to complete operation (Error 0x0000771) Printer error
Mar 16, 2024 pm 03:50 PM
If you encounter an error message when using your printer, such as the operation could not be completed (error 0x00000771), it may be because the printer has been disconnected. In this case, you can solve the problem through the following methods. In this article, we will discuss how to fix this issue on Windows 11/10 PC. The entire error message says: The operation could not be completed (error 0x0000771). The specified printer has been deleted. Fix 0x00000771 Printer Error on Windows PC To fix Printer Error the operation could not be completed (Error 0x0000771), the specified printer has been deleted on Windows 11/10 PC, follow this solution: Restart Print Spool
Solution to Windows Update prompt Error 0x8024401c error
Jun 08, 2024 pm 12:18 PM
Table of Contents Solution 1 Solution 21. Delete the temporary files of Windows update 2. Repair damaged system files 3. View and modify registry entries 4. Turn off the network card IPv6 5. Run the WindowsUpdateTroubleshooter tool to repair 6. Turn off the firewall and other related anti-virus software. 7. Close the WidowsUpdate service. Solution 3 Solution 4 "0x8024401c" error occurs during Windows update on Huawei computers Symptom Problem Cause Solution Still not solved? Recently, the web server needs to be updated due to system vulnerabilities. After logging in to the server, the update prompts error code 0x8024401c. Solution 1
The working principle and configuration method of GDM in Linux system
Mar 01, 2024 pm 06:36 PM
Title: The working principle and configuration method of GDM in Linux systems In Linux operating systems, GDM (GNOMEDisplayManager) is a common display manager used to control graphical user interface (GUI) login and user session management. This article will introduce the working principle and configuration method of GDM, as well as provide specific code examples. 1. Working principle of GDM GDM is the display manager in the GNOME desktop environment. It is responsible for starting the X server and providing the login interface. The user enters
Interpreting Oracle error 3114: causes and solutions
Mar 08, 2024 pm 03:42 PM
Title: Analysis of Oracle Error 3114: Causes and Solutions When using Oracle database, you often encounter various error codes, among which error 3114 is a relatively common one. This error generally involves database link problems, which may cause exceptions when accessing the database. This article will interpret Oracle error 3114, discuss its causes, and give specific methods to solve the error and related code examples. 1. Definition of error 3114 Oracle error 3114 pass
Why does the Xiangxiangfuzhai app display an error?
Mar 19, 2024 am 08:04 AM
The display error is a problem that may occur in the Xiangxiang Fuzhai app. Some users are not sure why the Xiangxiang Fuzhai app displays errors. It may be due to network connection problems, too many background programs, incorrect registration information, etc. Next, This is the editor’s introduction to how to solve app display errors for users. Interested users should come and take a look! Why does the Xiangxiang Fuzhai app display an error answer: network connection problem, too many background programs, incorrect registration information, etc. Details: 1. [Network problem] Solution: Check the device connection network status, reconnect or choose another network connection to use. Can. 2. [Too many background programs] Solution: Close other running programs and release the system, which can speed up the running of the software. 3. [Incorrect registration information
Understand Linux Bashrc: functions, configuration and usage
Mar 20, 2024 pm 03:30 PM
Understanding Linux Bashrc: Function, Configuration and Usage In Linux systems, Bashrc (BourneAgainShellruncommands) is a very important configuration file, which contains various commands and settings that are automatically run when the system starts. The Bashrc file is usually located in the user's home directory and is a hidden file. Its function is to customize the Bashshell environment for the user. 1. Bashrc function setting environment
Linux Oops: Detailed explanation of what this error means
Mar 21, 2024 am 09:06 AM
LinuxOops: Detailed explanation of the meaning of this error, need specific code examples What is LinuxOops? In Linux systems, "Oops" refers to a situation where a serious error in the kernel causes the system to crash. Oops is actually a kernel crash mechanism that stops the system when a fatal error occurs and prints out relevant error information so that developers can diagnose and fix the problem. Oops usually occur in kernel space and have nothing to do with user space applications. When the kernel encounters
How to configure and install FTPS in Linux system
Mar 20, 2024 pm 02:03 PM
Title: How to configure and install FTPS in Linux system, specific code examples are required. In Linux system, FTPS is a secure file transfer protocol. Compared with FTP, FTPS encrypts the transmitted data through TLS/SSL protocol, which improves Security of data transmission. In this article, we will introduce how to configure and install FTPS in a Linux system and provide specific code examples. Step 1: Install vsftpd Open the terminal and enter the following command to install vsftpd: sudo
