Merge pull request #248 from homedirectory/patch-3

Update aws-s3.md
Carlos Polop 2021-10-07 13:26:24 +01:00 committed by GitHub
commit e617a036e4
GPG Key ID: 4AEE18F83AFDEB23


@ -6,7 +6,7 @@ A bucket is typically considered “public” if any user can list the contents
It should be emphasized that a public bucket is not a risk created by Amazon but rather a misconfiguration caused by the owner of the bucket. And although a file might be listed in a bucket it does not necessarily mean that it can be downloaded. Buckets and objects have their own access control lists \(ACLs\). Amazon provides information on managing access controls for buckets [here](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAuthAccess.html). Furthermore, Amazon helps their users by publishing a best practices document on [public access considerations around S3 buckets](http://aws.amazon.com/articles/5050). The default configuration of an S3 bucket is private. It should be emphasized that a public bucket is not a risk created by Amazon but rather a misconfiguration caused by the owner of the bucket. And although a file might be listed in a bucket it does not necessarily mean that it can be downloaded. Buckets and objects have their own access control lists \(ACLs\). Amazon provides information on managing access controls for buckets [here](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAuthAccess.html). Furthermore, Amazon helps their users by publishing a best practices document on [public access considerations around S3 buckets](http://aws.amazon.com/articles/5050). The default configuration of an S3 bucket is private.
**Learn about AWS-S3 misconfiguration here:** [ **http://flaws.cloud**](%20http://flaws.cloud) **and** [**http://flaws2.cloud/**](http://flaws2.cloud/) **\(Most of the information here has been take from those resources\)** **Learn about AWS-S3 misconfiguration here:** [ **http://flaws.cloud**](%20http://flaws.cloud) **and** [**http://flaws2.cloud/**](http://flaws2.cloud/) **\(Most of the information here has been taken from those resources\)**
#### **Regions** #### **Regions**
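Review bot: the "take" to "taken" correction in the "Learn about AWS-S3 misconfiguration here" line is right, but the same line still carries a broken link target: `[ **http://flaws.cloud**](%20http://flaws.cloud)` has an encoded space (`%20`) in front of the URL, so the rendered link will not resolve. Since this line is already being touched, change the target to `(http://flaws.cloud)` and drop the stray leading space inside the link text so it matches the `flaws2.cloud` link beside it.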
@ -71,7 +71,7 @@ Check that the resolved domain have the word "website".
You can access the static website going to: `flaws.cloud.s3-website-us-west-2.amazonaws.com` You can access the static website going to: `flaws.cloud.s3-website-us-west-2.amazonaws.com`
or you can access the bucket visiting: `flaws.cloud.s3-us-west-2.amazonaws.com` or you can access the bucket visiting: `flaws.cloud.s3-us-west-2.amazonaws.com`
If you tries to access a bucket but in the domain name you specifies another region \(for example the bucket is in `bucket.s3.amazonaws.com` but you try to access `bucket.s3-website-us-west-2.amazonaws.com` you will be redirected to the correct location. If you try to access a bucket, but in the domain name you specify another region \(for example the bucket is in `bucket.s3.amazonaws.com` but you try to access `bucket.s3-website-us-west-2.amazonaws.com`, then you will be redirected to the correct location.
## Enumerating the bucket ## Enumerating the bucket
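Review bot: the subject-verb fixes ("If you try", "you specify") are correct, but the sentence still has an unbalanced parenthesis: `\(for example the bucket is in ...` is opened and never closed, and the new comma after `bucket.s3-website-us-west-2.amazonaws.com` makes the missing `\)` more visible. Suggest closing it before the comma, i.e. `...bucket.s3-website-us-west-2.amazonaws.com`\), then you will be redirected to the correct location.` The unchanged context line in the hunk header also reads "Check that the resolved domain have the word", which should be "has"; worth fixing in the same patch since it is the sentence introducing this paragraph.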