Laravel Debugbar Enabled Leads to AWS S3 Takeover — Collab Hunting

0xc4t
2 min read · Jun 24, 2024


Laravel Debugbar

Laravel Debugbar is a development tool for the Laravel PHP framework, designed to help developers debug their applications more efficiently. It integrates with Laravel and provides a visual representation of various debugging information directly in the browser.

AWS S3

Amazon Simple Storage Service (Amazon S3) is a scalable object storage service provided by Amazon Web Services (AWS). It is designed to store and retrieve any amount of data from anywhere on the web.

Case

Today I started bug hunting on several websites with my friend 0x0d3ad. On one of the websites we tested we found Laravel Debugbar enabled, and the debugbar exposes quite sensitive information.

Out of curiosity, my friend and I explored the contents of the Laravel Debugbar and found the AWS S3 secret key, access key, region and bucket name. I then tried to access the bucket using the AWS CLI with a configuration more or less like this:

aws configure

- Enter Access Key ID
- Enter Secret Access Key
- Enter Default region name
- Enter (accept the default output format)
S3 Exposure

Config:
sudo aws s3api get-bucket-acl --bucket <bucket>

Connect:
sudo aws s3 ls 's3://<bucket>/'

Got Shell !!!

Stored XSS
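From the defender's side, the root cause above is a configuration problem: Laravel Debugbar reads DEBUGBAR_ENABLED and, when that key is unset, falls back to APP_DEBUG, so a production app with APP_DEBUG=true serves the toolbar, and whatever the app holds in its config, to every visitor. The following is an added example (my own code, not part of the original post or the Debugbar project) that audits a Laravel .env file for exactly that combination. The sample .env, the rule set and the key values are constructed for illustration; the AWS values are placeholders, not real credentials.

```python
"""Audit a Laravel .env for settings that let an exposed Debugbar leak cloud keys.

Added example for this post, not code from the original author. The rules and
the sample .env below are constructed for illustration; key values are placeholders.
"""
import re
from dataclasses import dataclass

# Laravel Debugbar's config reads env('DEBUGBAR_ENABLED', null); when that key is
# unset the package falls back to APP_DEBUG, so a production app with APP_DEBUG=true
# ships the toolbar to every visitor.
CLOUD_SECRET_KEYS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")

# Constructed sample .env reproducing the misconfiguration described in the post.
SAMPLE_ENV = """\
APP_NAME=Shop
APP_ENV=production
APP_DEBUG=true
# DEBUGBAR_ENABLED intentionally unset: it follows APP_DEBUG
AWS_ACCESS_KEY_ID=AKIA_PLACEHOLDER_NOT_REAL
AWS_SECRET_ACCESS_KEY="placeholder-secret"
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=example-bucket
"""

_ASSIGN = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


@dataclass
class Finding:
    key: str
    severity: str
    message: str


def parse_env(text: str) -> dict:
    """Minimal dotenv parser: KEY=VALUE lines, full-line comments, optional quotes."""
    env = {}
    for raw in text.splitlines():
        if raw.lstrip().startswith("#"):
            continue
        m = _ASSIGN.match(raw)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env


def truthy(value: str) -> bool:
    return value.strip().lower() in ("1", "true", "yes", "on")


def debugbar_active(env: dict) -> bool:
    """Mirror the package default: explicit DEBUGBAR_ENABLED wins, else APP_DEBUG."""
    if "DEBUGBAR_ENABLED" in env:
        return truthy(env["DEBUGBAR_ENABLED"])
    return truthy(env.get("APP_DEBUG", "false"))


def audit(env: dict) -> list:
    """Return findings ordered from app-level to credential-level."""
    findings = []
    production = env.get("APP_ENV", "").lower() == "production"
    if production and truthy(env.get("APP_DEBUG", "false")):
        findings.append(Finding("APP_DEBUG", "high",
                                "APP_DEBUG=true in production exposes stack traces and config"))
    if debugbar_active(env):
        severity = "critical" if production else "medium"
        findings.append(Finding("DEBUGBAR_ENABLED", severity,
                                "Debugbar is active; set DEBUGBAR_ENABLED=false outside local dev"))
        leaked = [k for k in CLOUD_SECRET_KEYS if k in env]
        if leaked:
            findings.append(Finding(", ".join(leaked), "critical",
                                    "long-lived AWS keys reachable through an active Debugbar; "
                                    "rotate them and prefer IAM roles with bucket-scoped policies"))
    return findings


def audit_text(text: str) -> list:
    return audit(parse_env(text))


if __name__ == "__main__":
    for f in audit_text(SAMPLE_ENV):
        print(f"[{f.severity}] {f.key}: {f.message}")
```

Run it against a real .env by replacing SAMPLE_ENV with the file contents. The important design choice is that debugbar_active() reproduces the package's fallback rather than only looking for DEBUGBAR_ENABLED=true: the dangerous deployment is usually the one where nobody set DEBUGBAR_ENABLED at all, and the fix is to set it to false explicitly and to rotate any static keys that were reachable while it was on.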

Reference
