Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

AWS S3 keys Leak

By kannthu

High
Vidoc logoVidoc Module
#aws#s3#wordpress#disclosure
Description

AWS S3 keys Leak

What is AWS S3 keys Leak?

AWS S3 keys Leak is a module designed to detect a common misconfiguration in AWS S3 and WordPress installations that could lead to a data breach. It specifically targets websites running WordPress on AWS S3 and helps identify whether sensitive information, such as access keys and database credentials, are exposed.

This module has a severity level of high, indicating the potential for significant security risks if the misconfiguration is present.

Impact

If the misconfiguration is present, an attacker could gain unauthorized access to the AWS S3 bucket and potentially compromise sensitive data stored within it. This could include access keys, secret access keys, database names, and passwords, which can be used to further exploit the system or gain unauthorized access to other resources.

How the module works?

The AWS S3 keys Leak module works by sending HTTP requests to specific paths on the target website, such as "/wp-config.php-backup" and "/%c0". It then analyzes the response body for specific keywords, including "access-key-id", "secret-access-key", "DB_NAME", and "DB_PASSWORD". If any of these keywords are found, it indicates a potential misconfiguration.

For example, the module might send a GET request to "/wp-config.php-backup" and check if the response body contains the keywords mentioned above. If a match is found, the module will report a vulnerability.

The module uses matching conditions to determine the severity of the vulnerability. In this case, the matching condition is set to "and", meaning all keywords must be present in the response body for a match to occur.

By detecting this misconfiguration, the module helps website owners identify and address potential security risks, protecting their AWS S3 and WordPress installations from data breaches and unauthorized access.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/wp-config.php-backu.../%c0
Matching conditions
word: access-key-id, secret-access-key, DB_NAM...
Passive global matcher
No matching conditions.
On match action
Report vulnerability