GoCD: Open S3 Bucket Accessible by any Aws User

Description: It has been observed that the amazon s3 bucket which i believe belongs to GoCD as it contains data related to GoCD █████ documents and all is misconfigured as a result any unauthenticated users can access it without any restrictions Step-by-step Reproduction Instructions 1.Access...

Omise: Open S3 Bucket Accessible by any User

hi team, here i found Open S3 Bucket Accessible by any User vulnerable URL: https://cdn2.omise.co/ bucket name : omise-cdn-2 I haven't tried this yet as it may delete the bucket. it is possible an Attacker can delete the bucket using this command:- $ aws s3 rb s3:// and claim the bucket again to...

Sifchain: Open S3 Bucket | information leakage

Hi I found an Open S3 Bucket. - POC : aws s3 ls s3://amazon-eks/ Source : https://github.com/Sifchain/sifnode/blob/bebbe9883560bbde4f452f81a2d85bdbc243636a/deploy/rake/dependencies.rake21 regards oos Impact information leakage...

Acronis: Information Disclosure via ZIP file on AWS Bucket [http://acronis.1.s3.amazonaws.com]

Summary Hello, @acronis Team I hope you all doing well. during My recon, I found OPEN S3 BUCKET http://acronis.1.s3.amazonaws.com and this BUCKET has an ZIP file . and this file contains sensitive information about the internal system of Acronis. This Zip file Is from 2018. And it looks like it w...

S3Scanner - Scan For Open S3 Buckets And Dump

A quick and dirty script to find unsecured S3 buckets and dump their contents. Using The tool has 2 parts: 1 - s3finder.py This script takes a list of domain names and checks if they're hosted on Amazon S3. Found S3 domains are output to file with their corresponding region in format...