Easily get essays for sale online at the best prices for any subject


Therefore I reverse engineered two dating apps.

Posted on July 20, 2022

Therefore I reverse engineered two dating apps.

Video and picture drip through misconfigured S3 buckets

Typically for images or any other asserts, some form of Access Control List (ACL) could be set up. A common way of implementing ACL would be for assets such as profile pictures

The important thing would act as a “password” to get into the file, in addition to password would simply be provided users who require usage of the image. When it comes to an app that is dating it’s going to be whoever the profile is presented to.

I’ve identified several misconfigured buckets that are s3 The League throughout the research. All photos and videos are inadvertently made general general general public, with metadata such as which user uploaded them when. Usually the application would obtain the pictures through Cloudfront, a CDN on top of this buckets that are s3. Unfortunately the underlying S3 buckets are severely misconfigured. (more…)

Posted to