AWS S3 bucket writeable for authenticated AWS users

Hello BugBountyPoc viewers,

This is SaadAhmed, a security researcher. This is my first write-up; I hope you will all forgive any mistakes.

Today I'll write about the misconfigured AWS S3 buckets that I found on many big sites, but this write-up is about my find on Adobe. I reported this issue to Adobe through HackerOne; since they reward only for issues in their products, they gave me only HOF.

So how did I find them? I used Robin Wood's Ruby tool to brute-force against Adobe and found about 17 buckets; 8 of the buckets have only a PUBLIC-READ ACL and 9 are WRITEABLE. The problem is that I'm not sure whether Adobe owns these buckets or not; I just used my mass bucket exploiter tool, created a POC, and reported the issue.


Adobe Team Reply

Thank you for your submission. Please note that the below S3 buckets do not belong to Adobe-

We are investigating other S3 buckets, and will let you know if we have any questions. We appreciate your assistance and cooperation.

Adobe Product Security Incident Response Team


So I'm happy that the remaining 12 buckets belong to them, so they switched their buckets to a PRIVATE ACL.


Thanks for reading. Happy Hunting!
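
For bucket owners who want to check for the misconfiguration described in this write-up, here is an added example (not part of the original post and not the author's tool) that flags ACL grants to AWS's global `AllUsers` and `AuthenticatedUsers` groups. It assumes the ACL is a dict in the shape returned by boto3's `get_bucket_acl`; the bucket names and owner ID are constructed placeholders.

```python
# Added example: audit S3 bucket ACLs for grants to AWS's global groups.
# The dict shape mirrors what boto3's s3.get_bucket_acl() returns.
GLOBAL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    # AuthenticatedUsers = any AWS account holder, not just your own accounts
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
READ_PERMS = {"READ", "READ_ACP"}

def audit_acl(acl):
    """Return (severity, group, permission) for every global-group grant."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        group = GLOBAL_GROUPS.get(grantee.get("URI", ""))
        if grantee.get("Type") != "Group" or group is None:
            continue  # grants to the owner or a named account are not global
        perm = grant.get("Permission", "")
        if perm in WRITE_PERMS:
            findings.append(("writable", group, perm))
        elif perm in READ_PERMS:
            findings.append(("readable", group, perm))
    return findings

def classify(acl):
    """Collapse the findings into one verdict per bucket, worst case wins."""
    severities = {f[0] for f in audit_acl(acl)}
    if "writable" in severities:
        return "writable"
    return "readable" if "readable" in severities else "private"

# Constructed sample ACLs (placeholder owner ID, hypothetical bucket names).
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
         "Permission": "FULL_CONTROL"}
def _group(name, perm):
    uri = "http://acs.amazonaws.com/groups/global/" + name
    return {"Grantee": {"Type": "Group", "URI": uri}, "Permission": perm}

SAMPLES = {
    "example-private": {"Grants": [OWNER]},
    "example-public-read": {"Grants": [OWNER, _group("AllUsers", "READ")]},
    "example-auth-write": {"Grants": [OWNER, _group("AuthenticatedUsers", "READ"),
                                      _group("AuthenticatedUsers", "WRITE")]},
}

if __name__ == "__main__":
    for bucket, acl in SAMPLES.items():
        print(f"{bucket}: {classify(acl)} {audit_acl(acl)}")
```

ACLs are only one way a bucket grants access; a bucket policy can also open it up, so a "private" verdict here covers the ACL alone.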

1 Response

  1. anonpass says:

    can u share the wordlist
