Exploiting an S3 Bucket with a Path Folder to Access PII Info of a Bank

Hi, everyone

SPECIAL COVID-19 Note:

Story Behind the bug:

Here it goes:

Command used:

So the final command will look like this:

cat vul1.txt vul2.txt vul3.txt | sort -u >> unique_sub.txt

Now the actual S3 hunting starts:

https://XXXXX.s3.us-east-1.amazonaws.com/11XXXXXXXXXX012.pdf

Now the actual process of how I got access to PII info:

https://XXXXX.s3.us-east-1.amazonaws.com/document/uploadXXXX.png

https://www.buymeacoffee.com/killmongar1996

Cloud Security Engineer | Security Researcher | Pentester | Bug bounty hunter | Penetration tester | CTF player | topmate.io/santosh_kumar_sha

Santosh Kumar Sha (@killmongar1996)
