Open in app

Sign in

Write

Sign in

HOW I Found 17 Critical and Medium Security Bug on INDUSIND Bank along AWS Metadata access

Santosh Kumar Sha(@killmongar1996)
5 min readDec 25, 2021

Hi, everyone

My name is Santosh Kumar Sha, I’m a Security Researcher/Ethical Hacker from India(Assam). In this article, I will be Describing HOW I Found 16 Critical and 1 Medium Security Bug on IndusInd Bank like SSRF aws Full access.

I am now offering 1:1 sessions to share my knowledge and expertise:

topmate.io/santosh_kumar_sha

SPECIAL COVID-19 Note:

Don’t go outside without any reason . Stay home be safe and also safe other. Special request to my fellow bug-bounty hunter Take care of your health and get vaccinated.

TOOLS used for the exploitation

1. Subfinder (https://github.com/projectdiscovery/subfinder)

2. httpx (https://github.com/projectdiscovery/httpx)

3. gau(Corben) — https://github.com/lc/gau

4. waybackurls(tomnomnom) — https://github.com/tomnomnom/waybackurls.

Story Behind the bug:

This is the writeup of my how compromising the bank production and get access to BANK AWS data by SSRF and escalating it get their aws production server customer stored data.

There was no Responsive disclosure program or Bugbounty program but still i report 15 SSRF aws access , 1 Blind ssrf and few more. Many other critical bug because of…

--

--

Santosh Kumar Sha(@killmongar1996)

Written by Santosh Kumar Sha(@killmongar1996)

2.1K Followers

Cloud Security |Security Researcher |Pentester | Bugbounty hunter|VAPT | Pentration tester | CTF player | topmate.io/santosh_kumar_sha

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams