How not to implement AWS S3 signed URLs? $25,000 bounty 

Bug Bounty Reports Explained
57K subscribers, 9K views

Published: 17 Oct 2024

Comments: 24

@BugBountyReportsExplained 3 years ago
Welcome to the comment section! I hope you enjoyed the video. Sign up for my mailing list to receive the BBRE newsletter to get the best hacking info delivered right to your inbox: mailing.bugbountyexplained.com/
@monKeman495 1 year ago
Came after your recent finding, so here it is, where it all started 😂😂 Watching again after a long time.
@BugBountyReportsExplained 1 year ago
Yeah, it's almost exactly the same.
@renganathanofficial 1 year ago
Haha, same here!
@dhruvkandpal9909 3 years ago
Love your content and meticulous explanation! 👏🏻👏🏻👏🏻 Keep posting such amazing videos!
@test-vf3iv 3 years ago
Nice video, man, really enjoyed watching it, and a very easy explanation.
@_DeProgrammer 3 years ago
Love these videos! Thanks.
@000t9 3 years ago
Hello, was this vulnerability disclosed 2 years ago, as I saw in this video?
@BugBountyReportsExplained 3 years ago
Yes, but cloud-related topics are only getting more and more popular.
@000t9 3 years ago
@BugBountyReportsExplained Thank you!
@ahmadshami5847 3 years ago
My goodness, that bug is so cool, yet it looks so random. Did the hunter mention anything about luck involved, or did he use a certain methodology?
@BugBountyReportsExplained 3 years ago
Unfortunately this aspect was not mentioned in the blog post 😕 I'd love to hear that too.
@jaeger809 3 years ago
I hope I can do this. Thanks.
@hamzabettache497 3 years ago
Any chance with "GET /api/aws/getSignedImageUrl?objectName=316923.jpg&contentType=image%2Fjpeg"?
@BugBountyReportsExplained 3 years ago
Yeah, definitely test the objectName parameter. Also, there's a chance for header injection using the contentType param.
@hamzabettache497 3 years ago
@BugBountyReportsExplained Thanks, how to exploit the content type and header?
@BugBountyReportsExplained 3 years ago
@hamzabettache497 Use %0d%0a characters. You'll find more by googling CRLF injection.
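As an added illustration of the two parameters discussed in the exchange above (this is not code from the video, from the original write-up or from any commenter), here is a minimal Python sketch of the anti-pattern next to a hardened version of the same endpoint. The bucket name, secret, user id, content-type allowlist and the HMAC "signature" are assumptions made for the demo; a real service would let the AWS SDK produce the SigV4 presigned URL. What matters is what is validated before anything is signed: the object name is forced to a plain file name under the caller's own prefix, the content type must come from a server-side allowlist, and CR/LF (the decoded form of %0d%0a) is rejected outright.

```python
import hashlib
import hmac
import posixpath
import re
from urllib.parse import quote

# Hypothetical values for the demo. The HMAC below is a simplified stand-in
# for an S3 presign (real code would have the AWS SDK emit a SigV4 URL);
# the point of the example is what gets validated *before* signing.
BUCKET = "example-uploads"
SIGNING_SECRET = b"demo-secret-not-a-real-key"
ALLOWED_CONTENT_TYPES = {"image/jpeg", "image/png", "image/gif"}
# A flat file name only: no slashes, so no traversal into other prefixes.
SAFE_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def _sign(method: str, key: str, content_type: str) -> str:
    """Toy signature over the parts a presigned PUT commits to (stand-in for SigV4)."""
    canonical = "\n".join([method, BUCKET, key, "content-type:" + content_type])
    return hmac.new(SIGNING_SECRET, canonical.encode(), hashlib.sha256).hexdigest()


def vulnerable_signed_url(object_name: str, content_type: str) -> str:
    """The anti-pattern: sign whatever the client sent, byte for byte.
    objectName may point anywhere in the bucket, and contentType (later
    reflected into a header) may carry CR/LF for header injection."""
    sig = _sign("PUT", object_name, content_type)
    return (f"https://{BUCKET}.s3.amazonaws.com/{object_name}"
            f"?Content-Type={content_type}&Signature={sig}")


class RejectedInput(ValueError):
    """Raised when a client-supplied parameter fails validation."""


def hardened_signed_url(user_id: str, object_name: str, content_type: str) -> str:
    """user_id is assumed to come from the server-side session, not the client."""
    # 1. Reject control characters (CR, LF, NUL, ...) in every parameter;
    #    nothing legitimate needs them and they are the CRLF-injection vector.
    for value in (object_name, content_type):
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
            raise RejectedInput("control character in parameter")
    # 2. The object name must be a plain file name, never a path.
    if not SAFE_NAME_RE.match(object_name):
        raise RejectedInput("object name is not a plain file name")
    # 3. The content type comes from a server-side allowlist, not free text.
    if content_type not in ALLOWED_CONTENT_TYPES:
        raise RejectedInput("content type not allowed")
    # 4. Scope the key to the authenticated caller so a signature can only
    #    ever address that user's own prefix.
    key = posixpath.join("uploads", user_id, object_name)
    sig = _sign("PUT", key, content_type)
    return (f"https://{BUCKET}.s3.amazonaws.com/{quote(key, safe='/')}"
            f"?Content-Type={quote(content_type, safe='')}&Signature={sig}")


def accepts(user_id: str, object_name: str, content_type: str) -> bool:
    """True if the hardened endpoint would sign this request."""
    try:
        hardened_signed_url(user_id, object_name, content_type)
        return True
    except RejectedInput:
        return False


if __name__ == "__main__":
    # Constructed inputs: the normal request from the comment thread, a
    # traversal attempt, and a CRLF payload (%0d%0a already URL-decoded).
    print(vulnerable_signed_url("../other-user/secret.jpg", "image/jpeg"))
    print(repr(vulnerable_signed_url("316923.jpg", "image/jpeg\r\nX-Injected: 1")))
    print(hardened_signed_url("user42", "316923.jpg", "image/jpeg"))
    for name, ctype in [("../other-user/secret.jpg", "image/jpeg"),
                        ("316923.jpg", "image/jpeg\r\nX-Injected: 1"),
                        ("316923.jpg", "text/html")]:
        print(name, ctype.encode(), "->", accepts("user42", name, ctype))
```

The vulnerable function happily signs a traversal key and passes the raw CR/LF through into the URL and the signed header value; the hardened one refuses all three constructed payloads and only ever signs a key under the caller's own prefix with an allowlisted content type.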
@cybersecurity3523 3 years ago
Good, bro.
@dzakialthalsyah 3 years ago
@sameersh.5647 3 years ago
One day I am gonna hack Google because of this guy.
@BugBountyReportsExplained 3 years ago
I hope you will! Good luck!
@pmohan67 3 years ago
I am a beginner at bug finding. How do I find bugs using tools? Tell me any tool name for finding them. How do I know the bug is there? How do I check the bug status securely? Make a video about how to find a bug, how to verify it, how to report it. Please make a video 👆 👆 👆 👆
@BugBountyReportsExplained 3 years ago
Every one of my videos is about this, I think.
@tekken-pakistan2718 3 years ago
04:04 Thanks!