How I got access to Essilor International company customer PII INFO by AWS metadata access through SSRF

Hi, everyone

My name is Santosh Kumar Sha, I’m a security researcher from India(Assam). In this article, I will be Describing How I was able Find multiple SSRF with aws metadata access ON a Essilor International company System and Get access to there production server.

I am now offering 1:1 sessions to share my knowledge and expertise:

topmate.io/santosh_kumar_sha

SPECIAL Note:

Don’t go outside test scope without any permission. Stay safe and also hack safe . Special request to my fellow bug-bounty hunter Take care of your health and always abide the rule of engagement.

TOOLS used for the exploitation

1. Subfinder (https://github.com/projectdiscovery/subfinder)

2. httpx (https://github.com/projectdiscovery/httpx)

3. gau(Corben) — https://github.com/lc/gau

4. waybackurls(tomnomnom) — https://github.com/tomnomnom/waybackurls.

Story Behind the bug:

This is the write of my compromising the insurance company production and get access to 100GB customer High profile data by SSRF and escalating it get their aws production server customer stored data.

--

--

Santosh Kumar Sha(@killmongar1996)

Cloud Security |Security Researcher |Pentester | Bugbounty hunter|VAPT | Pentration tester | CTF player | topmate.io/santosh_kumar_sha