Click, Recon, Jackpot! How a Subdomain Led Me to an S3 Treasure Trove
Summary
During digital reconnaissance for a bug bounty project, a subdomain was discovered that appeared to be misconfigured.
The subdomain was pointing to an Amazon S3 bucket that no longer existed, indicating the potential for a subdomain takeover.
Further investigation using a DNS check confirmed the existence of a CNAME record for the subdomain, also pointing to s3.amazonaws.com.
This suggested that the subdomain could potentially be taken over and used to store and deliver content, which could lead to serious security risks and vulnerabilities.
It is important for organisations to regularly audit and monitor their subdomains and DNS records to avoid such misconfigurations and potential security vulnerabilities.
This is even more relevant considering that subdomain takeovers can be used to deliver phishing pages, malware, or other types of malicious content, and are also often used in larger-scale attacks.
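One way to run the audit recommended above, as an added example that is not part of the original post: it checks a zone export for CNAME records that point at S3 endpoints and flags those whose bucket is missing from the organisation's own bucket inventory. The zone records, the bucket inventory and the function name `audit_zone` are constructed for illustration.

```python
import re

# S3 REST and website endpoints, with an optional bucket label in front, e.g.
# s3.amazonaws.com, <bucket>.s3.amazonaws.com, <bucket>.s3-website-<region>.amazonaws.com
S3_TARGET = re.compile(r"^(?:(?P<bucket>.+?)\.)?s3(?:[-.][a-z0-9-]+)*\.amazonaws\.com$")


def audit_zone(records, owned_buckets):
    """Return [(record_name, target, missing_buckets)] for dangling S3 CNAMEs."""
    owned = {b.lower() for b in owned_buckets}
    findings = []
    for name, rtype, target in records:
        if rtype.upper() != "CNAME":
            continue
        name, target = name.rstrip(".").lower(), target.rstrip(".").lower()
        match = S3_TARGET.match(target)
        if not match:
            continue  # not an S3 endpoint, out of scope for this check
        # For a custom hostname S3 picks the bucket from the Host header, so
        # the bucket that must exist is named after the record itself.
        candidates = {name}
        # Conservative assumption: also require any bucket named in the target.
        if match.group("bucket"):
            candidates.add(match.group("bucket"))
        missing = sorted(candidates - owned)
        if missing:
            findings.append((name, target, missing))
    return findings


# Constructed sample data: (name, type, target) rows from a zone export, and
# the bucket names that exist in the organisation's own AWS accounts.
ZONE = [
    ("www.example.com.", "A", "192.0.2.10"),
    ("assets.example.com.", "CNAME", "assets.example.com.s3.amazonaws.com."),
    ("media.example.com.", "CNAME", "s3.amazonaws.com."),
    ("docs.example.com.", "CNAME", "docs.example.com.s3-website-us-east-1.amazonaws.com."),
    ("shop.example.com.", "CNAME", "shops.example.net."),
]
OWNED = {"assets.example.com", "docs.example.com"}

if __name__ == "__main__":
    for name, target, missing in audit_zone(ZONE, OWNED):
        print(f"DANGLING {name} -> {target} (no bucket: {', '.join(missing)})")
```

Each finding is closed either by deleting the DNS record or by recreating the named bucket in an account the organisation controls.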