Laravel Debugbar
Laravel Debugbar is a development tool for the Laravel PHP framework, designed to help developers debug their applications more efficiently. It integrates with Laravel and provides a visual representation of various debugging information directly in the browser.
AWS S3
Amazon Simple Storage Service (Amazon S3) is a scalable object storage service provided by Amazon Web Services (AWS). It is designed to store and retrieve any amount of data from anywhere on the web.
Case
Today I started bug hunting on several websites with my friend 0x0d3ad. On one of the websites we tested we found that Laravel Debugbar was left enabled in production, and the debugbar exposes quite sensitive information.
Out of curiosity, my friend and I explored the contents of the Laravel Debugbar and found the AWS S3 secret key, access key, region and bucket name in it. I then tried to access the bucket with the AWS CLI after a short configuration, more or less like this:
$ aws configure
AWS Access Key ID [None]: <access key from the debugbar output>
AWS Secret Access Key [None]: <secret key from the debugbar output>
Default region name [None]: <region from the debugbar output>
Default output format [None]: <press Enter to keep the default>

$ aws s3api get-bucket-acl --bucket <bucket>
$ aws s3 ls s3://<bucket>/

(The CLI binary is aws, not awscli, and sudo is not needed: aws configure writes the profile to the current user's ~/.aws, so running aws under sudo would read root's profile instead and fail to find the credentials just entered.)
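From the owning team's side, the finding above means the S3 key must be rotated and CloudTrail checked for anyone else who used it. The following triage script is an added example, not part of the original write-up or of Laravel Debugbar: it reads CloudTrail-style records, keeps the calls made with the leaked key from outside the application's own egress IPs, and lists the recon-style API names among them (get-bucket-acl is logged as GetBucketAcl, a management event; aws s3 ls shows up as ListObjects, an S3 data event that has to be enabled in the trail). The access key IDs, IP addresses, bucket name and the abbreviated sample records are constructed placeholders.

```python
"""Triage CloudTrail records for activity under an access key that leaked through
an exposed Laravel Debugbar. All identifiers are constructed placeholders."""
import json
from collections import defaultdict

LEAKED_ACCESS_KEY_ID = "AKIAEXAMPLELEAKEDKEY"   # placeholder for the leaked key
KNOWN_APP_IPS = {"203.0.113.10"}                 # assumed app-server egress IPs
# API names behind the recon in the write-up (aws s3api get-bucket-acl,
# aws s3 ls) plus other enumeration a leaked key is typically tried with.
RECON_EVENTS = {"GetBucketAcl", "ListBuckets", "ListObjects", "GetCallerIdentity"}

# Constructed CloudTrail-style records, one JSON object per line (real ones carry more fields).
SAMPLE_LOG = """
{"eventTime":"2024-01-01T10:00:00Z","eventName":"PutObject","sourceIPAddress":"203.0.113.10","userIdentity":{"accessKeyId":"AKIAEXAMPLELEAKEDKEY"},"requestParameters":{"bucketName":"example-bucket"}}
{"eventTime":"2024-01-01T10:05:00Z","eventName":"GetBucketAcl","sourceIPAddress":"198.51.100.7","userIdentity":{"accessKeyId":"AKIAEXAMPLELEAKEDKEY"},"requestParameters":{"bucketName":"example-bucket"}}
{"eventTime":"2024-01-01T10:05:03Z","eventName":"ListObjects","sourceIPAddress":"198.51.100.7","userIdentity":{"accessKeyId":"AKIAEXAMPLELEAKEDKEY"},"requestParameters":{"bucketName":"example-bucket"}}
{"eventTime":"2024-01-01T10:06:00Z","eventName":"GetBucketAcl","sourceIPAddress":"203.0.113.10","userIdentity":{"accessKeyId":"AKIAOTHERAPPKEY000000"},"requestParameters":{"bucketName":"example-bucket"}}
"""

def triage(log_text, leaked_key=LEAKED_ACCESS_KEY_ID, known_ips=KNOWN_APP_IPS):
    """Group calls made with the leaked key from non-application IPs by source IP.
    Returns {source_ip: [(eventTime, eventName, bucket), ...]}; any entry means a
    third party used the key, so it must be rotated and its reach reviewed."""
    hits = defaultdict(list)
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        if rec.get("userIdentity", {}).get("accessKeyId") != leaked_key:
            continue                      # other principals: out of scope here
        ip = rec.get("sourceIPAddress", "")
        if ip in known_ips:
            continue                      # the application's own traffic
        bucket = rec.get("requestParameters", {}).get("bucketName", "-")
        hits[ip].append((rec["eventTime"], rec["eventName"], bucket))
    return dict(hits)

def recon_events_seen(hits):
    """Sorted recon-style API names present in triage() output."""
    return sorted({name for calls in hits.values()
                   for _, name, _ in calls if name in RECON_EVENTS})

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for ip, calls in found.items():
        print(f"{ip}: {len(calls)} call(s) with the leaked key: {[c[1] for c in calls]}")
    print("recon observed:", recon_events_seen(found))
```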