-
-
Notifications
You must be signed in to change notification settings - Fork 688
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
can I takeover S3 bucket? #361
Comments
how can you takeover already claimed bucket? |
I claimed the bucket not someone else @knowthetech |
If you have claimed that's simple what's the issue simply add bucket policy and enable static hosting all done why messing up with other services😁 |
Please read the comment again even if I add bucket that doesn't do anything on xyz.domain.com still it was showing same error I enabled static hosting too, if you clearly read the comment I stated the cname is pointing to fastly but not S3 but there server header is showing AmazonS3. This is edge case and I want to know what's happening if you guys know please let me know I think there is misconfiguration in DNS server |
If you add the bucket the bucket doesn't exist error will change to access denied in case of xml format takeover of s3 bucket than you change it to static hosting but you missed also adding bucket policy i get. That doesn't matter if they have fasty or cloudflare or edge in case of cdn. |
@GDATTACKER-RESEARCHER can you please elaborate. { Here is my policy, and I don't know the term XML format takeover, what I'm assuming is if the someone already did XML format takeover then it shows 403 error but they didn't update the policy to S3 bucket. But still I'm confused how cloud I takeover S3 bucket. |
{ that guy mean there are 2 type of takeover errors in s3 takeover one shows error in xml format where as other is normal white page with error metioned try this policy it will work and try visiting path to your uploaded file than. |
but there need to be a asterisk after xyz.domain.com/ |
The policy is indeed correct and I'm able to access my html file at http://xyz.domain.com.s3-website-us-east-1.amazonaws.com |
Please tell me guys if |
That's not a big issue organization will accept it still it happens sometimes. |
@GDATTACKER-RESEARCHER it's not about accepting the report or not I just want to know what could be the developer did the mistake to show such response. And btw the report got duplicated in H1 but still want to know!! |
@GDATTACKER-RESEARCHER, @knowthetech, @EdOverflow, @codingo
So, the above scenario is a false positive and cannot able to perform S3 bucket takeover Green-jam : fastly is connected to an S3 bucket that you don't have the details of. The S3 bucket you have claimed may just effectively be a random S3 bucket that matches the subdomain name. The actual S3 bucket connected to by fastly that you do not know the name of, plus it already looks claimed anyway hence the 403 from s3. regards, |
Service name
AccessDenied
![image](https://user-images.githubusercontent.com/73307963/225734878-9afe2cca-c73b-4b62-ae38-d6c2e5779a3e.png)
5) I tried claiming xyz.domain.com but it was already clamied(Domain 'domain.com' is owned by another customer)what I Have tried?
The text was updated successfully, but these errors were encountered: