URL: https://34.95.87.178/
Browser / Version: Chrome 106.0.0
Operating System: Linux
Tested Another Browser: Yes Firefox
Problem type: Something else
Description: S3 listing leads to Information Disclosure
Steps to Reproduce:
Vulnerability Summary:
Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. Customers of all sizes and industries can use Amazon S3 to store and protect any amount of data for a range of use cases, such as data lakes, websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. Amazon S3 provides management features so that you can optimize, organize, and configure access to your data to meet your specific business, organizational, and compliance requirements.
However, if the buckets are not configured properly, or are unclaimed, an attacker can probably perform some mischievous actions such as S3 Bucket Takeover or S3 Content Takeover.
Severity: High
Complexity: Easy
Steps to reproduce:
Visit the vulnerable URL and you'll see the listing available.
Proof of concept:
Screenshot will be attached
Mitigations / Solution:
Use Amazon S3 block public access. With Amazon S3 block public access, account administrators and bucket owners can easily set up centralized controls to limit public access to their Amazon S3 resources that are enforced regardless of how the resources are created. For more information, see Blocking public access to your Amazon S3 storage.
Identify Amazon S3 bucket policies that allow a wildcard identity such as Principal "*" (which effectively means "anyone") or allow a wildcard action "*" (which effectively allows the user to perform any action in the Amazon S3 bucket).
Similarly, note Amazon S3 bucket access control lists (ACLs) that provide read, write, or full-access to “Everyone” or “Any authenticated AWS user.”
Use the ListBuckets API to scan all of your Amazon S3 buckets. Then use GetBucketAcl, GetBucketWebsite, and GetBucketPolicy to determine whether the bucket has compliant access controls and configuration.
Use AWS Trusted Advisor to inspect your Amazon S3 implementation.
Consider implementing ongoing detective controls using the s3-bucket-public-read-prohibited and s3-bucket-public-write-prohibited managed AWS Config Rules.
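An added audit example in Python (not code from the original report or from AWS) that implements the policy and ACL checks from the mitigation list above offline: it flags bucket-policy Allow statements with a wildcard Principal and ACL grants to the "Everyone" / "Any authenticated AWS user" groups. The function names, the sample policy, the sample ACL and the account id are constructed for illustration; the input shapes are the ones boto3 returns from GetBucketPolicy and GetBucketAcl.

```python
import json

# Grantee group URIs S3 uses for "Everyone" and "Any authenticated AWS user"
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "Everyone", AUTH_USERS: "Any authenticated AWS user"}

def is_wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (also inside a list), i.e. anyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def audit_bucket_policy(policy_json):
    """Findings for Allow statements open to anyone (input: GetBucketPolicy "Policy" string)."""
    findings = []
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") != "Allow" or not is_wildcard_principal(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        findings.append({"sid": stmt.get("Sid"), "actions": actions,
                         "wildcard_action": any(a in ("*", "s3:*") for a in actions),
                         # a Condition narrows the grant; flag it for manual review
                         "conditioned": "Condition" in stmt})
    return findings

def audit_bucket_acl(acl):
    """(group label, permission) for each ACL grant to a public group (input: GetBucketAcl
    response). A public READ grant on the bucket is exactly what exposes the listing."""
    return [(PUBLIC_GROUPS[g["Grantee"]["URI"]], g["Permission"])
            for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GROUPS]

# Constructed sample inputs (not from any real account): a policy that lets anyone
# list the bucket and read objects, and an ACL with a public READ grant on the bucket.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicList", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:ListBucket", "s3:GetObject"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
    {"Sid": "OwnerOnly", "Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket",
     "Principal": {"AWS": "arn:aws:iam::123456789012:root"}}]})
SAMPLE_ACL = {"Owner": {"ID": "owner-id"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}
```

In a live audit, feed each bucket returned by ListBuckets through `s3.get_bucket_policy(Bucket=name)["Policy"]` and `s3.get_bucket_acl(Bucket=name)` (boto3 calls); a bucket with no policy attached raises a ClientError with code NoSuchBucketPolicy, which should be treated as "no policy findings" rather than as a failure.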
@Ramansh123454 It seems that the link provided leads to an XML file. Also, "However, if the buckets are not configured properly, or are unclaimed, an attacker can probably perform some mischievous actions such as S3 Bucket Takeover or S3 Content Takeover."
This seems more like a site issue, rather than a browser issue.
Unfortunately being unable to reproduce the issue you are experiencing, we cannot help you with it. Please leave a comment with more details, or file a new report and we will gladly investigate this further.
This will be closed as Incomplete.