Expected Findings
- Bucket policy grants `s3:ListBucket` and `s3:PutObject` to `*`.
- Listing reveals receipts and exports for any customer.
- `PutObject` allows attacker-controlled overwrites of script bundles.
A user-content bucket has public list and public PUT enabled, so anyone can enumerate uploads and overwrite or add objects.

Offending policy statement (excerpt, as found on the bucket):

```json
{
  "Effect": "Allow",
  "Principal": "*",
  "Action": ["s3:ListBucket", "s3:PutObject"]
}
```
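As an added example (not part of the original finding), a small offline checker that parses a bucket policy and flags any `Allow` statement giving `s3:ListBucket`, `s3:PutObject` or `s3:DeleteObject` (including via wildcards like `s3:*`) to a public principal, shown against the vulnerable policy above and a hardened one. `BUCKET_NAME`, the account id and the `UploadService` role are placeholders, not values from the page.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample of the finding: public list + public PUT on the bucket.
# BUCKET_NAME is a placeholder; the page does not name the bucket.
VULNERABLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicListAndWrite", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:ListBucket", "s3:PutObject"],
    "Resource": ["arn:aws:s3:::BUCKET_NAME", "arn:aws:s3:::BUCKET_NAME/*"]}]})

# Constructed fix: only a named upload role may write, and nobody may list.
HARDENED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "UploadRoleWriteOnly", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/UploadService"},
    "Action": "s3:PutObject", "Resource": "arn:aws:s3:::BUCKET_NAME/*"}]})

# Actions that let an anonymous caller enumerate or change bucket contents.
RISKY_ACTIONS = ("s3:listbucket", "s3:putobject", "s3:deleteobject")


def _as_list(value):
    """IAM allows a string, a single object, or a list in most fields."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])


def _is_public(principal):
    """True for Principal "*" or {"AWS": "*"}: any AWS identity or anonymous."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def find_public_grants(policy_json):
    """Return (Sid, action, has_condition) for each risky action an Allow
    statement grants to a public principal. The statement's action is treated
    as a glob, so wildcards such as s3:* or s3:Put* are caught as well."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        for action in _as_list(stmt.get("Action")):
            if any(fnmatchcase(r, action.lower()) for r in RISKY_ACTIONS):
                findings.append((stmt.get("Sid", ""), action, "Condition" in stmt))
    return findings
```

A conditioned grant is still reported (third tuple field `True`) so the condition can be reviewed rather than silently trusted.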