
Exposed S3 Credentials of QuadX

I found an exposed sensitive credential in the website and was able to access the Amazon S3 bucket of Paylink, one of the digital platforms of QuadX. This allowed me to retrieve, upload and remove all files in the S3 bucket.

What is Secuna? Secuna is the first and only crowdsourced cybersecurity testing platform in the Philippines helping startups and SMEs by connecting them to vetted security researchers to find and fix security vulnerabilities before they can be exploited by cybercriminals.

Benefits at Secuna:

Hacker Success Team Secuna is an ever-evolving crowdsourced cybersecurity testing platform managed by an experienced cybersecurity team. They are determined to deliver the platform’s best support.

Hacking Community Support Hacking is a fun but tough journey, with an inevitable landscape of new challenges & technologies due to rapid digital transformation. Our hacking communities are here to help every cybersecurity professional level up and sharpen their skillsets.

Hacking Security Programs We work with different organizations from across the globe, giving you access to different security programs of all types and the ability to hack legally whenever you want.

Not Just About Money Aside from earning huge bounties on our platform, you can enhance your skills and learn so much more from other hackers.

Without further ado, let’s move to the bug.

Static Analysis

Static analysis, also called static code analysis, is a method of computer program debugging that is done by examining the code without executing the program. https://searchwindevelopment.techtarget.com/definition/static-analysis

In this post we will look for sensitive information stored in the website, like passwords, API keys, etc.

Find Javascript Files

There are multiple ways to gather JavaScript files from the target website; in this post I will share them with you.


Download the Javascript File


Beautify the file

npm install js-beautify

You can use any JavaScript beautifier. Once you install js-beautify, run the following command to beautify the JavaScript file.

js-beautify paylink.js > paylink-clean.js

Now, open your favorite text editor and start finding the needle in the haystack.


Check the credentials using aws-cli

pip install awscli

Using the credentials gathered via awscli
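The "needle in the haystack" step above, as an added example written for this post (not the author's or Secuna's tooling): a small Python scanner, assumed to be saved as scan_bundle.py, that runs over a beautified bundle such as paylink-clean.js, reports AWS access key IDs and nearby 40-character secrets, and drops low-entropy placeholders so a template value does not raise a false alert. The embedded sample bundle is constructed and uses the placeholder key pair from AWS's documentation.

```python
import math
import re
import sys

# Public AWS conventions: access key IDs start with AKIA (long-lived IAM user
# key) or ASIA (temporary STS key) plus 16 uppercase alphanumerics; the
# matching secret access key is 40 base64-style characters.
ACCESS_KEY_RE = re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")
SECRET_KEY_RE = re.compile(r"(?i)secret[^\n]{0,40}?['\"]([A-Za-z0-9/+=]{40})['\"]")


def shannon_entropy(s):
    """Bits per character: real secrets score high, placeholders score low."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def find_aws_credentials(text, min_secret_entropy=4.0):
    """Return [(line_no, kind, value)] for credential-looking strings in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append((line_no, "access_key_id", m.group(1)))
        for m in SECRET_KEY_RE.finditer(line):
            secret = m.group(1)
            # Placeholder values such as 'aaaa...' fall below the threshold.
            if shannon_entropy(secret) >= min_secret_entropy:
                # Never report the full secret; a prefix is enough for triage.
                findings.append((line_no, "secret_access_key", secret[:4] + "..."))
    return findings


# Constructed sample of a beautified front-end bundle. The key pair is the
# placeholder pair from AWS's own documentation, not a live credential.
SAMPLE_JS = """\
var s3 = new AWS.S3({
    accessKeyId: "AKIAIOSFODNN7EXAMPLE",
    secretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    region: "ap-southeast-1"
});
var template = { secretAccessKey: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" };
"""

if __name__ == "__main__":
    # Usage: python scan_bundle.py paylink-clean.js (no argument scans SAMPLE_JS)
    for path in sys.argv[1:] or ["<sample>"]:
        text = SAMPLE_JS if path == "<sample>" else open(path, encoding="utf-8", errors="replace").read()
        for line_no, kind, value in find_aws_credentials(text):
            print("%s:%d: %s %s" % (path, line_no, kind, value))
```

Any hit in a shipped bundle means the key must be rotated, not just removed from the file, since anyone who downloaded the old bundle still has it.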


A few minutes after submitting, QuadX immediately addressed the issue, and the vulnerability was fixed a few hours later, giving me the points I needed to top the leaderboards at Secuna.


Kudos to QuadX for being transparent about the remediation timeline, I love the fast response ❤️ ❤️, and to Secuna, thank you so much for building this awesome cybersecurity testing platform.

Did you Learn Something? Share this! #sharingiscaring

Bonus: Jobert Abma created relative-url-extractor a small tool that extracts relative URLs from a file. This can help you get a quick overview of all the relative endpoints in a file.

ctulhu.me | Christian Niel Angel