Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V4 - Access Control

AWS bucket misconfiguration

POC

  • Configure the AWS CLI on your machine (https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html).

  • List the files: aws s3 ls s3://

  • Create a new file and upload it to the bucket: aws s3 mv test.txt s3:// --acl public-read
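
For the bucket owner, the two POC steps correspond to a public list grant and a public write grant. The following check is an added example, not part of the original wiki entry: it reads a bucket ACL (the JSON printed by aws s3api get-bucket-acl) and a bucket policy, and reports which of the two steps each one opens to the public. The sample documents, the bucket name example-bucket and the function names are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Predefined S3 grantee groups that make a grant public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anonymous",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any-aws-account",
}
# ACL permission / policy action -> POC step allowed ("list" = aws s3 ls, "upload" = aws s3 mv).
ACL_EFFECT = {"READ": ["list"], "WRITE": ["upload"], "FULL_CONTROL": ["list", "upload"]}
POLICY_EFFECT = {"s3:ListBucket": "list", "s3:PutObject": "upload"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_acl(acl):
    """Public grants in the JSON printed by `aws s3api get-bucket-acl`."""
    findings = set()
    for grant in acl.get("Grants", []):
        who = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        if who:
            findings.update((who, e) for e in ACL_EFFECT.get(grant.get("Permission"), []))
    return findings

def audit_policy(policy):
    """Allow statements for Principal "*"; ones with a Condition are skipped (review by hand)."""
    findings = set()
    for st in as_list(policy.get("Statement", [])):
        principal = st.get("Principal")
        public = principal == "*" or (isinstance(principal, dict) and "*" in as_list(principal.get("AWS", [])))
        if st.get("Effect") != "Allow" or not public or st.get("Condition"):
            continue
        for pattern in as_list(st.get("Action", [])):  # patterns may contain * and ?
            findings.update(("anonymous", effect) for action, effect in POLICY_EFFECT.items()
                            if fnmatchcase(action.lower(), pattern.lower()))
    return findings

# Constructed sample inputs, not taken from a real bucket.
SAMPLE_ACL = json.loads("""{"Grants": [
  {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
  {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
  {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}, "Permission": "WRITE"}]}""")
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": "*", "Action": "s3:Put*", "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket",
   "Condition": {"IpAddress": {"aws:SourceIp": "192.0.2.0/24"}}}]}""")
if __name__ == "__main__":
    for who, effect in sorted(audit_acl(SAMPLE_ACL) | audit_policy(SAMPLE_POLICY)):
        print(f"PUBLIC {effect}: {who}")
```

Block Public Access settings on the account or bucket can override these grants, so check the output of aws s3api get-public-access-block as well.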

Impact

Medium-High

Likelihood

High