Hope you are doing well.
Today I am going to discuss information leaks in some popular websites. For privacy reasons, I will not name the companies.
1: Millions of users' medical records and personal details leaked due to an AWS S3 bucket misconfiguration:
I was testing their websites for an hour and wasn't able to find any high-severity bug. After an hour of recon and testing, I was able to find a couple of IDORs and XSS, but I wanted to find some critical issue.
I was about to give up when suddenly I saw they were using the Amazon CloudFront service for storing public images, and the URL looked something like this:
Initially I thought it was just public data, but I tried to visit https://d3ez8in977xyz.cloudfront.net and found that they were storing public images there. After looking at the other files, I was shocked to see they had stored some personal data publicly, like:
video chats, audio calls, text messages and some users' private files.
These files contained conversations between patients and doctors.
Different domains had their own storage buckets, so I started finding the other domains' image storage locations, and each bucket held thousands of files. I didn't calculate how many users' info was stored in them, but after googling the company's user base, I found out they have millions of users.
This is a picture of one of the buckets: a CSV file containing text messages between them.
So I quickly reported it to them, and they resolved it within an hour and awarded me a $2500 bounty with a $500 bonus bounty.
The funny thing here is that
I listened to some of the audio files and found one thing in common: most of them are about girlfriend/boyfriend issues, and they are all crying about how they are suffering from anxiety after he/she dumped him/her, because they found their partners cheating. 😄
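The root cause above is a bucket whose contents can be read by anyone, so the defender's check is for anonymous-read grants in the bucket policy and ACL. The script below is an added example, not code from the post or from the affected company; the bucket name, account id, role name and the two JSON documents are constructed samples that mirror the two common shapes of this misconfiguration.

```python
import json
from fnmatch import fnmatch

READ_ACTIONS = ("s3:getobject", "s3:listbucket")
PUBLIC_GROUPS = ("http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True when a statement's Principal matches everyone ("*" or {"AWS": "*"})."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def public_read_statements(policy_json):
    """Return the Sids of Allow statements that let anyone read or list objects."""
    hits = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
            continue
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        # "s3:*" and "s3:Get*" are wildcards, so match rather than compare.
        if any(fnmatch(read, p) for p in patterns for read in READ_ACTIONS):
            # A Condition block may narrow the grant; it still needs a human review.
            hits.append(stmt.get("Sid", "<no Sid>"))
    return hits

def public_acl_grants(acl):
    """Return (grantee URI, permission) for ACL grants to the public groups."""
    return [(g["Grantee"].get("URI"), g["Permission"]) for g in acl.get("Grants", [])
            if g["Grantee"].get("Type") == "Group" and g["Grantee"].get("URI") in PUBLIC_GROUPS]

# Constructed samples (not from the post): a policy with one anonymous read statement
# beside a legitimate app-role write, and an ACL that grants READ to AllUsers.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-media/*", "arn:aws:s3:::example-media"]},
    {"Sid": "AppWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-uploader"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-media/*"},
]})
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "Group", "URI": PUBLIC_GROUPS[0]}, "Permission": "READ"},
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"}]}
```

The same functions accept the dicts returned by `get_bucket_policy` and `get_bucket_acl` in boto3, so the check can be run across every bucket in an account; any hit means the origin bucket should be made private and served only through CloudFront with restricted access.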
2: Internal admin account access, leaking business partners' details
So this is a story about a blind stored XSS found in a giant MNC's website. Through it I was able to get the details of an admin account (access token and other personal details), and along with that I was able to get their business clients' details too.
I found a vulnerable point in their form, and this form data is stored in the local admin account.
So instead of a simple XSS payload, I used an XSS Hunter payload, so whenever my payload executed, it would send data back to me.
For this issue, they awarded me a $1250 bounty.
That's it for now.
If you love it, feel free to retweet it.
Rich guys can donate here 😄