AWS S3 bucket writeable for authenticated AWS users

Hello BugBountyPoc viewers,

This is SaadAhmed, a security researcher. This is my first write-up, so I hope you will all forgive my mistakes.

Today I'll write about misconfigured AWS S3 buckets, which I have found on many big sites, but this write-up is about my find on Adobe. I reported this issue to Adobe through HackerOne; since they reward only issues in their own products, they gave me only a Hall of Fame (HOF) entry.

So, how I found it: I used Robin Wood's Ruby tool to brute-force bucket names related to Adobe and found about 17 buckets. 8 of them had only a PUBLIC-READ ACL and 9 were WRITEABLE. The problem was that I wasn't sure whether Adobe owned these buckets or not, so I just used my mass bucket exploiter tool to create a POC and reported the issue.

[Screenshots: POC_1, POC_2]

Adobe Team Reply

Thank you for your submission. Please note that the S3 buckets below do not belong to Adobe:

http://adobecs3.s3.amazonaws.com
http://adobe-summit.s3.amazonaws.com
http://adobe-file.s3.amazonaws.com
http://adobe-packages.s3.amazonaws.com
http://adobe-assets.s3.amazonaws.com

We are investigating other S3 buckets, and will let you know if we have any questions. We appreciate your assistance and cooperation.

Adobe Product Security Incident Response Team


So I'm happy that the remaining 12 buckets belonged to them, and they switched those buckets to a PRIVATE ACL.
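The two states the write-up distinguishes (PUBLIC-READ versus WRITEABLE) come from grants in the bucket ACL to the predefined AllUsers and AuthenticatedUsers groups; the AuthenticatedUsers group includes every AWS account, not just the owner's, which is why a WRITE grant to it is effectively world-writeable. As an added example that is not part of the original write-up, the Python below parses a bucket ACL document (a constructed sample in the shape of S3's GET ?acl response, with a placeholder owner ID) and flags such grants, so a bucket owner can check their own buckets before switching them to a private ACL.

```python
import xml.etree.ElementTree as ET

S3 = "{http://s3.amazonaws.com/doc/2006-03-01/}"              # default namespace of the ACL document
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"  # the xsi:type attribute on <Grantee>
GROUPS = {  # the two predefined groups that open a bucket to accounts other than the owner
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}
# Constructed sample in the shape S3 returns for "GET /?acl": the owner has FULL_CONTROL,
# the world can READ (public-read) and any AWS account can WRITE (the write-up's case).
SAMPLE_ACL = """\
<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AccessControlList>
    <Grant>
      <Grantee xsi:type="CanonicalUser"><ID>OWNER-CANONICAL-ID-PLACEHOLDER</ID></Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
    <Grant>
      <Grantee xsi:type="Group"><URI>http://acs.amazonaws.com/groups/global/AllUsers</URI></Grantee>
      <Permission>READ</Permission>
    </Grant>
    <Grant>
      <Grantee xsi:type="Group"><URI>http://acs.amazonaws.com/groups/global/AuthenticatedUsers</URI></Grantee>
      <Permission>WRITE</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>
"""

def risky_grants(acl_xml):
    """Return [(group, permission)] for every grant to AllUsers or AuthenticatedUsers; owner grants are ignored."""
    findings = []
    for grant in ET.fromstring(acl_xml).iter(S3 + "Grant"):
        grantee = grant.find(S3 + "Grantee")
        if grantee is None or grantee.get(XSI_TYPE) != "Group":
            continue  # canonical-user grants (the owner, a named account) are not an exposure
        group = GROUPS.get(grantee.findtext(S3 + "URI", ""))
        if group:
            findings.append((group, grant.findtext(S3 + "Permission", "")))
    return findings

def exposure(acl_xml):
    """Worst case across the risky grants: 'writeable' beats 'readable' beats 'private'."""
    perms = {perm for _, perm in risky_grants(acl_xml)}
    if perms & {"WRITE", "WRITE_ACP", "FULL_CONTROL"}:
        return "writeable"   # anyone (or any AWS account) can PUT objects or rewrite the ACL
    if perms & {"READ", "READ_ACP"}:
        return "readable"    # listing or reading the bucket is open
    return "private"
```

Feeding each of your own buckets' ACL documents through exposure() gives the same PUBLIC-READ / WRITEABLE split the write-up reports, and anything other than "private" is a bucket to fix.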

resolved

Thanks for reading. Happy Hunting!
