Amazon Simple Storage Service (aka S3) is cloud storage for the Internet. You first create a bucket, then upload any number of objects (photos, videos, documents, etc.) to it. However, if the permissions (ACL) are not set correctly, bad things can happen.
As recently disclosed by HackerOne, a misconfiguration of their Amazon Web Services S3 buckets allowed any authenticated AWS user to write to them. From there an attacker could upload a malicious file and wait for someone to open it, or overwrite existing files.
When you crawl a website, you can check for the presence of S3 buckets by intercepting calls to
The bucket URL can take different forms:
Once you have the bucket name, you can run a number of tests with awscli to check its permissions. If you try to access a bucket that doesn't exist, you'll get this message:
$ aws s3 ls s3://gwen001-azertyuiop
A client error (NoSuchBucket) occurred when calling the ListObjects operation: The specified bucket does not exist
If you try to execute a command you are not allowed to, you'll get something like this:
$ aws s3 ls s3://gwen001-test000/
A client error (AccessDenied) occurred when calling the ListObjects operation: Access Denied
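To turn these checks into an audit over the buckets you are responsible for, here is an added shell script (not from the original post) that runs the listing twice per bucket, once unsigned and once with the credentials of an unrelated AWS account, and interprets the CLI messages shown above. The `--no-sign-request` and `--profile` options are real awscli global flags; the profile name `unrelated-account` is an assumption.

```shell
# Added example, not from the original post: audits a list of bucket names with
# awscli and reports whether each can be listed (a) with no credentials at all and
# (b) with credentials from an unrelated AWS account, the "any authenticated user"
# exposure described above. Assumes awscli is installed and that the profile named
# in AUDIT_PROFILE (assumed name) belongs to an account unrelated to the buckets.

AUDIT_PROFILE="${AUDIT_PROFILE:-unrelated-account}"

# Map the CLI's error text to a short status. Matching on the error code in
# parentheses works for both the older "A client error (X) occurred ..." and the
# newer "An error occurred (X) when calling ..." message formats.
classify_error() {
    case "$1" in
        *NoSuchBucket*)                   echo NOSUCHBUCKET ;;
        *AccessDenied*)                   echo ACCESSDENIED ;;
        *"Unable to locate credentials"*) echo NOCREDENTIALS ;;
        *)                                echo OTHER ;;
    esac
}

# Try to list one bucket. $1 = bucket name, remaining args = extra aws flags.
list_status() {
    bucket="$1"; shift
    if out=$(aws s3 ls "s3://$bucket/" "$@" 2>&1); then
        echo LISTABLE
    else
        classify_error "$out"
    fi
}

# Combine the anonymous ($1) and other-account ($2) results into one verdict.
verdict() {
    if   [ "$1" = LISTABLE ]; then echo PUBLIC-LIST
    elif [ "$2" = LISTABLE ]; then echo ANY-AWS-USER-LIST
    elif [ "$1" = NOSUCHBUCKET ]; then echo MISSING
    else echo RESTRICTED
    fi
}

# Usage: sh s3-list-audit.sh bucket1 bucket2 ...  (no arguments: no AWS calls)
for b in "$@"; do
    anon=$(list_status "$b" --no-sign-request)
    other=$(list_status "$b" --profile "$AUDIT_PROFILE")
    printf '%s anonymous=%s other-account=%s verdict=%s\n' \
        "$b" "$anon" "$other" "$(verdict "$anon" "$other")"
done

# Constructed samples, copied from the post's output, for offline checks.
SAMPLE_MISSING='A client error (NoSuchBucket) occurred when calling the ListObjects operation: The specified bucket does not exist'
SAMPLE_DENIED='A client error (AccessDenied) occurred when calling the ListObjects operation: Access Denied'
```

A PUBLIC-LIST verdict means anyone on the Internet can enumerate the bucket; ANY-AWS-USER-LIST reproduces the HackerOne-style exposure, where only an AWS account (any account) is needed.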