Exploiting an S3 Bucket with a Path Folder to Access PII Info of a Bank
Hi, everyone
My name is Santosh Kumar Sha. I’m a security researcher from India (Assam). In this article, I will describe how I exploited an S3 bucket with a path folder to access PII info of a bank using the AWS CLI.
Special COVID-19 note:
Don’t go outside without a reason. Stay home, be safe, and keep others safe too. A special request to my fellow bug bounty hunters: take care of your health and get vaccinated.
Tools used for the exploitation:
1. Subfinder (https://github.com/projectdiscovery/subfinder)
2. httpx (https://github.com/projectdiscovery/httpx)
3. gau, by Corben (https://github.com/lc/gau)
4. waybackurls, by tomnomnom (https://github.com/tomnomnom/waybackurls)
Story Behind the bug:
This is the write-up of my latest finding, where I got access to PII info of a bank by exploiting an S3 bucket with a path folder.
The bank does not have a public program, but they were in the process of launching a private bug bounty program. So initially, reporting the issue was a difficult task, but the bank was highly responsive to the issue, properly handled the vulnerability, and fixed…