How I Found 17 Critical and Medium Security Bugs on IndusInd Bank, Along with AWS Metadata Access

Hi, everyone

My name is Santosh Kumar Sha, and I'm a Security Researcher/Ethical Hacker from India (Assam). In this article, I will be describing how I found 16 critical and 1 medium security bugs on IndusInd Bank, such as SSRF leading to full AWS access.

I am now offering 1:1 sessions to share my knowledge and expertise:

topmate.io/santosh_kumar_sha

Special COVID-19 note:

Don't go outside without any reason. Stay home, be safe, and keep others safe too. A special request to my fellow bug-bounty hunters: take care of your health and get vaccinated.

Tools used for the exploitation

1. Subfinder (https://github.com/projectdiscovery/subfinder)

2. httpx (https://github.com/projectdiscovery/httpx)

3. gau by Corben (https://github.com/lc/gau)

4. waybackurls by tomnomnom (https://github.com/tomnomnom/waybackurls)

Story Behind the bug:

This is the writeup of how I compromised the bank's production environment and got access to the bank's AWS data via SSRF, then escalated it to reach customer data stored on their AWS production server.

There was no responsible disclosure program or bug bounty program, but I still reported 15 SSRF with AWS access, 1 blind SSRF, and a few more. Many other critical bugs because of…
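The escalation described above, an SSRF that reaches the AWS instance metadata service and from there the account's credentials and data, is what an outbound-fetch guard on the server side is meant to stop. The following Python is an added example and is not code from this post or from the bank: it validates any URL the application is asked to fetch, rejecting non-HTTP schemes, embedded credentials, literal IP addresses, hosts outside an allowlist, and hosts that resolve to link-local (169.254.0.0/16, which contains the metadata address 169.254.169.254), loopback or private ranges. The allowlisted hostnames and the resolved addresses used in the demo are constructed assumptions.

```python
"""Outbound URL guard against SSRF reaching cloud metadata or internal ranges (added example)."""
from __future__ import annotations

import ipaddress
import socket
from typing import Callable, List, Tuple
from urllib.parse import urlsplit

# Constructed allowlist: the only hosts this application is allowed to fetch from (assumption).
ALLOWED_HOSTS = {"api.example-partner.com", "cdn.example-bank.test"}

# Address ranges an application-driven fetch must never reach. 169.254.0.0/16 is the
# link-local range that includes the instance metadata service at 169.254.169.254.
BLOCKED_NETWORKS = [
    ipaddress.ip_network(n)
    for n in (
        "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
        "172.16.0.0/12", "192.168.0.0/16",
        "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
    )
]


def is_blocked_ip(addr: str) -> bool:
    """True if the address falls in a blocked range (IPv4-mapped IPv6 is unwrapped first)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def default_resolver(host: str) -> List[str]:
    """Resolve a hostname to every address it maps to (A and AAAA)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_outbound_url(url: str, resolver: Callable[[str], List[str]] = default_resolver) -> Tuple[bool, str]:
    """Return (allowed, reason). The resolver is injectable so the check can be tested offline."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname  # lowercased, brackets stripped from IPv6 literals
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"

    # Literal IP addresses bypass the allowlist by construction, so they are never accepted;
    # a blocked-range hit is reported separately because it is the signal worth alerting on.
    try:
        literal = ipaddress.ip_address(host)
    except ValueError:
        literal = None
    if literal is not None:
        if is_blocked_ip(host):
            return False, f"literal IP {host} is in a blocked range"
        return False, "literal IP addresses are not allowed"

    if host not in ALLOWED_HOSTS:
        return False, f"host not in allowlist: {host}"

    # Every resolved address must be public; an allowlisted name pointing at an internal
    # address (misconfiguration or attacker-controlled DNS) is rejected as a whole.
    for addr in resolver(host):
        if is_blocked_ip(addr):
            return False, f"{host} resolves to blocked address {addr}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs; the fake resolver avoids real DNS lookups.
    fake_dns = lambda h: ["203.0.113.10"]
    for sample in (
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:169.254.169.254]/",
        "file:///etc/hostname",
        "https://api.example-partner.com/v1/rates",
    ):
        print(sample, "->", check_outbound_url(sample, resolver=fake_dns))
```

The guard only validates; to close the check-then-use window (a name that resolves differently on the second lookup), the fetch that follows should connect to the address that was validated rather than resolving the hostname again. Logging every rejection whose reason mentions a blocked range gives a detection signal for SSRF probing against the metadata endpoint.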


Santosh Kumar Sha(@killmongar1996)

Cloud Security | Security Researcher | Pentester | Bug bounty hunter | VAPT | Penetration tester | CTF player | topmate.io/santosh_kumar_sha