漏洞描述
AWS Bucket takeover was detected.
aws-bucket-takeover: AWS Bucket Takeover Detection
PoC代码[已公开]
id: aws-bucket-takeover
info:
name: AWS Bucket Takeover Detection
author: pdteam,pwnhxl,zy9ard3
severity: high
description: AWS Bucket takeover was detected.
reference:
- https://github.com/EdOverflow/can-i-take-over-xyz/issues/36
metadata:
max-request: 1
tags: takeover,aws,bucket,vuln
http:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: dsl
dsl:
- Host != ip
- type: word
words:
- "The specified bucket does not exist"
- "BucketName"
condition: and
- type: dsl
dsl:
- contains(tolower(header), 'x-guploader-uploadid')
- contains(tolower(header), "aliyunoss")
negative: true
- type: word
part: host
words:
- "amazonaws.com"
- "ks3.ksyun.com"
- "kss.ksyun.com"
- "kss3.ksyun.com"
- "ks3-cn-beijing.ksyun.com"
- "ks3-cn-guangzhou.ksyun.com"
- "ks3-cn-hk-1.ksyun.com"
- "ks3-cn-shanghai.ksyun.com"
- "ks3-jr-beijing.ksyun.com"
- "ks3-jr-shanghai.ksyun.com"
- "ks3-rus.ksyun.com"
- "ks3-sgp.ksyun.com"
- "obs.jrzq.huaweicloud.com"
- "obs.petalpay.huaweicloud.com"
- "oss-cn-hangzhou.aliyuncs.com"
- "oss-cn-shanghai.aliyuncs.com"
- "oss-cn-qingdao.aliyuncs.com"
- "oss-cn-beijing.aliyuncs.com"
- "oss-cn-zhangjiakou.aliyuncs.com"
- "oss-cn-huhehaote.aliyuncs.com"
- "oss-cn-shenzhen.aliyuncs.com"
- "oss-cn-hongkong.aliyuncs.com"
- "oss-us-west-1.aliyuncs.com"
- "oss-us-east-1.aliyuncs.com"
- "oss-ap-southeast-1.aliyuncs.com"
- "oss-ap-southeast-2.aliyuncs.com"
- "oss-ap-southeast-3.aliyuncs.com"
- "oss-ap-southeast-5.aliyuncs.com"
- "oss-ap-south-1.aliyuncs.com"
- "oss-ap-northeast-1.aliyuncs.com"
- "oss-eu-central-1.aliyuncs.com"
- "oss-me-east-1.aliyuncs.com"
negative: true
extractors:
- type: regex
part: body
group: 1
regex:
- '<li>BucketName: (.*?)</li>'
- '<BucketName>(.*?)</BucketName>'
# digest: 490a004630440220316ab09e7977d660e576c657d45ec5141ffc7421df5352b23e926340c87f4860022007ac07ec4797b9668d58845b0383448da5031ce561f325a09fd5702097ef487d:922c64590222798bb761d5b6d8e72950