################################################################################################# # Exploit Title: Amazon Web Services Database Backup Disclosure (Sensitive Information) # Discovered By: Gh05t666nero # Team: Indoghostsec # Date: 2020/09/13 # Vendor Homepage: amazonaws.com | aws.amazon.com # Tested On: Linux gh05t666nero 5.7.0-kali3-686-pae #1 SMP Debian 5.7.17-1kali1 (2020-08-26) i686 GNU/Linux # Category: WebApps # Exploit Risk: High # Vulnerability Type: CWE-200 :=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=: [*] About AWS: ============== Amazon Web Services (AWS) is a subsidiary of Amazon providing on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered pay-as-you-go basis. These cloud computing web services provide a variety of basic abstract technical infrastructure and distributed computing building blocks and tools. One of these services is Amazon Elastic Compute Cloud (EC2), which allows users to have at their disposal a virtual cluster of computers, available all the time, through the Internet. AWS's version of virtual computers emulates most of the attributes of a real computer, including hardware central processing units (CPUs) and graphics processing units (GPUs) for processing; local/RAM memory; hard-disk/SSD storage; a choice of operating systems; networking; and pre-loaded application software such as web servers, databases, and customer relationship management (CRM). :=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=: [*] Dork: ========= ec2 site:amazonaws.com filetype:sql s3 site:amazonaws.com filetype:sql password site:amazonaws.com filetype:xls email.address site:amazonaws.com filetype:xls :=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=: [*] Proof of Concept: ===================== (> Surf your browser using the Dork above. (> Choose the amazonaws.com site that is attractive to your eyes. (> Do a search on the page with a keyword in the form of [Password]. (> Kaboom you find Sensitive Information that is exposed and can be accessed arbitrarily by the public on the amazonaws.com site. :=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=:=: [*] Demo: ========= http://ec2-3-135-246-139.us-east-2.compute.amazonaws.com:8080/projects/TEST/repos/source-code-from-tutorials/diff/Other/SampleMySQLData/store.sql?autoSincePath=false&until=01bed803912cb286eee1066643ba4d1a5af4c122&at=01bed803912 http://strokeconsortium.s3.amazonaws.com/strokeco_dump-2017-04-13T18:07:55.000000.sql https://s3.amazonaws.com/files3.peopleperhour.com/uploads/portfolioItems/Portfolio-158161-bagyainfoservices_report_file-02.xls https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwit8aDbyuXrAhWLX30KHWf0DOkQFjAJegQIChAB&url=https%3A%2F%2Fcontent-calpoly-edu.s3.amazonaws.com%2Fpolydata%2F1%2Ftabledefs%2Fservice%2FSERVICE_ESS_IMAGING.xls&usg=AOvVaw08CJ5J3va8k0nBgeehRd9g ################################################################################################# Contact Me: gh05t666nero@gmail.com Instagram: @ojan_cxs Telegram: t.me/Gh05t666nero Twitter: @Gh05t666nero1 Greet'z: All member Indoghostsec