ILTOSEC

security research

iltosec

writeups & research

Blog

1 posts

categories

all Rce Xss CVE Ransomware File Upload Bypass Host Header Injection Authentication Bypass SSTI Command Injection Vulnerability Research Cloud AWS Injection

tags

Rce CMS CVE Ransomware File Upload Bypass snipe-it idor authorization-bypass privilege-escalation information-disclosure enumeration misconfiguration aws-s3 SQLI

From Presigned URL to Data Exposure: Exploiting a Misconfigured MinIO Instance

How an unauthenticated presigned URL endpoint and a public MinIO bucket misconfiguration exposed over 3GB of corporate internal documents during an authorized red team engagement.