Exposed S3 Credentials of QuadX
What is Secuna? Secuna is the first and only crowdsourced cybersecurity testing platform in the Philippines helping startups and SMEs by connecting them to vetted security researchers to find and fix security vulnerabilities before they can be exploited by cybercriminals.
Benefits at Secuna:
Hacker Success Team Secuna is an ever-evolving crowdsourced cybersecurity testing platform managed by an experienced cybersecurity team. They are determined to deliver the platform’s best support.
Hacking Community Support Hacking is a fun but tough journey, with an inevitable landscape of new challenges & technologies due to rapid digital transformation. Our hacking communities are here to help every cybersecurity professional level up and sharpen their skillsets.
Hacking Security Programs We work with different organizations from across the globe, giving you an access to different security programs of all types and the ability to hack legally whenever you want.
Not Just About Money Aside from earning huge bounties on our platform, you can enhance your skills and learn so much more from other hackers.
Without further ado, let’s move to the bug.
Static analysis, also called static code analysis, is a method of computer program debugging that is done by examining the code without executing the program. https://searchwindevelopment.techtarget.com/definition/static-analysis
In this post we will look for sensitive information stored in the website like passwords, API keys etc.
Beautify the file
npm install js-beautify
js-beautify paylink.js > paylink-clean.js
Now, Open your Favorite Text Editor and Start Finding the needle in the haystack.
Check the credentials using aws-cli
pip install awscli
Using the credentials gathered via awscli
Few Minutes after Submitting, QuadX Immediately Addressed the Issue and the Vulnerability was Fixed Few Hours Later, Giving the Points i needed to Top the Leaderboards at Secuna.
Kudos to QUADX for being transparent about the remediation timeline, I love the fast Response ❤️ ❤️ and to Secuna thank you so much for building this Awesome Cyber Security Testing Platform.
Did you Learn Something? Share this! #sharingiscaring
Bonus: Jobert Abma created relative-url-extractor a small tool that extracts relative URLs from a file. This can help you get a quick overview of all the relative endpoints in a file.