Weakness: Improper Storage of files on S3 Buckets
- While Testing one of the private on Hackerone , Their Main Feature functionality is to Write code for Their project and save the project’s as (Private/Public)
- Whenever we store something in public Project . it’s files get store to
Here sagewfextdg is the ID for the PUBLIC Projects
- Same thing tried with Private Projects :
Here sawexvecswt is the ID for the Private Projects
- Now we got ID for Public/Private projects files at s3 Bucket where files are getting saved.
- Only thing we have this/1494851423/ which is nothing but timestamp
Timestamp is encoded information identifying current date-month-year-hour-minutes-seconds
- You can convert the timestamp to human readable format from here http://www.unixtimestamp.com/
- Wrote a simple script to generate timestamp for whole day(24 hours) using datetime python module and Started Fuzzing
- Able to access private files of Other User’s.
- They have Added Auth Token Verifier to View or Download Files from S3 Bucket as a FIX.