8/10
vulnerability
A complete SSRF-to-RCE exploit chain on AWS Elastic Beanstalk that leverages the EC2 metadata service to extract IAM credentials, then uses those credentials to upload a PHP web shell to an accessible S3 bucket for remote code execution. The attack demonstrates how weak IAM policies can enable escalation from SSRF to full system compromise.
ssrf
rce
aws
elastic-beanstalk
metadata-service
ec2
s3
aws-cli
credential-extraction
file-upload
web-shell
privilege-escalation
cloud-security
iam-role-abuse
Youssef A. Mohamed
GeneralEG
CESPPA
Squnity
Synack
AWS Elastic Beanstalk
AWS Systems Manager
AWS CLI
169.254.169.254
aws-elasticbeanstalk-ec2-role
AWSElasticBeanstalkWebTier
7/10
bug-bounty
A researcher discovered a subdomain takeover technique that exploits an improperly configured S3 bucket allowing unauthenticated write access via the AWS CLI. By uploading a malicious _redirect.html file with proper ACL permissions, the attacker could execute arbitrary content on the victim subdomain without exploiting a traditional subdomain takeover vulnerability.
s3-bucket-misconfiguration
subdomain-takeover
aws-security
cloud-storage
access-control
file-upload
aws-cli
bucket-policy
bug-bounty
AWS
Amazon S3
MuhammadKhizerJaved
HackerOne
Bugcrowd