Subdomain Misconfiguration Leads to AWS S3 Buckets Reader

Bug Type : Subdomain misconfiguration
Program : Private on HackerOne
Severity : P2 (High)
Bounty : 600$ + 200$ Bonus
Subdomain :

How I found this bug
It was simple. When I go directly to I found it redirects to

So now I started to find the CNAME and it was

Here was the bug. I saw many companies make the same error.
Developers must add an S3 bucket whitelist.

So now I can call any bucket on

example :

The steps to find this error are very simple:
If the subdomain has this alias
Try to add your bucket directly to the subdomain
example :
If it runs, this is vulnerable; if not, this means the developers added a bucket whitelist.
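
The bucket whitelist the write-up calls for, sketched as an added example that is not code from the original post or from the affected program. It assumes a proxy that maps the first path segment of a request to an S3 bucket; the bucket names, `resolve_bucket` and `audit` are hypothetical.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumption: the only buckets this subdomain should serve (constructed names).
ALLOWED_BUCKETS = frozenset({"example-static-assets", "example-downloads"})

# S3 bucket naming: 3-63 chars of lowercase letters, digits, dots, hyphens.
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")


def resolve_bucket(request_target):
    """Return (bucket, key) for an allowed path-style request, else None."""
    path = request_target.split("?", 1)[0]
    if not path.startswith("/"):
        return None
    # Decode once. A "%" left over means double encoding; this also rejects
    # keys with a literal "%", which is the conservative choice here.
    decoded = unquote(path)
    if any(ch in decoded for ch in ("%", "\\", "\x00")):
        return None
    # Collapse "//" and dot segments first, so /allowed/../other/key is
    # judged as /other/key rather than by its first raw segment.
    normalized = posixpath.normpath("/" + decoded.lstrip("/"))
    bucket, _, key = normalized.lstrip("/").partition("/")
    if not BUCKET_RE.fullmatch(bucket) or bucket not in ALLOWED_BUCKETS:
        return None
    # Build the upstream request from this pair, never from the raw path.
    return bucket, key


# Constructed sample requests, not taken from the write-up.
SAMPLES = [
    "/example-static-assets/css/site.css",
    "/some-other-bucket/index.html",
    "/example-static-assets/%2e%2e/some-other-bucket/index.html",
    "//some-other-bucket/index.html",
]


def audit(samples=SAMPLES):
    """Return (request_target, allowed) for each sample."""
    return [(target, resolve_bucket(target) is not None) for target in samples]


if __name__ == "__main__":
    for target, allowed in audit():
        print("ALLOW" if allowed else "DENY ", target)
```
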


Please see this write-up to create your bucket


