This video is an explanation of a $20,000 vulnerability in S3 integration that I discovered in a private bug bounty program.
The @criticalthinkingpodcast episode with Alex Chapman: • Alex Chapman: How to B...
The video from 2021: • How not to implement A...
Timestamps:
00:00 Intro
00:28 How did I approach my target?
01:50 How do S3 pre-signed URLs work?
04:36 The vulnerability
06:50 Escalating the impact
My $20,000 S3 bug that leaked everyone’s attachments - S3 bucket misconfig of pre-signed URLs