My $20,000 S3 bug that leaked everyone’s attachments – S3 bucket misconfig of pre-signed URLs
✉️ Sign up for the mailing list: https://bbre.dev/nl
Follow me on Twitter: https://bbre.dev/tw
This video is an explanation of a $20,000 vulnerability in S3 integration that I discovered in a private bug bounty program.
The video from 2021: https://www.youtube.com/watch?v=G7Pre3Y46Fs
Get $100 in credits for Digital Ocean: https://bbre.dev/do
Timestamps:
00:00 Intro
00:28 How did I approach my target?
01:50 How do S3 pre-signed URLs work?
04:36 The vulnerability
06:50 Escalating the impact