Day 25 comes with a simple exploring on topics related to Server Site Template Injection (SSTI) and S3 buckets misconfiguration by parts.
Server Side Template Injection
From Rajesh Ranjan. Template engines are widely used by web applications to present dynamic data via web pages and emails. Template injection allows an attacker to include template code into an existent (or not) template. A template engine makes designing HTML pages easier by using static template files which at runtime replaces variables/placeholders with actual values in the HTML pages. Here is one research on Portswigger.
S3 Misconfiguration Part 1
From Sam (CoffeeJunkie). So first to start with the S3 buckets and its misconfigurations, we might have to understand first that S3 buckets basically are an object storage service that offers industry leading capability, data availability, security and performance.
Gathering the tools
There are tools that are useful to find S3 buckets such as Lazy S3, S3S scanner, Great Hat Warfare, and more tools that everyone should try in order to choose the preference. So in order to start testing the bucket, there must be different ways to find the buckets with the tools named from above. Once the bucket has been found, the next step is bucket verification.
Setting up S3 verification
In order to verify the bucket, there is a great way to do it with different kind of tools, but in this case if you’re a unix user, there is a great way to do it with awscli. To install just type the following command.
## Install AWScli pip install awscli ## Verify installation version aws --version
In order to start with the verification you will need to create and account in amazon aws in order to configure the KEY credentials. You can create the account and configure the keys here. If you need exact instructions on how to actually create the keys, you can find pretty cool instructions here.
Once you’re all set we’ll check how to verify buckets in Part 2 coming in day 26!