intigriti / misconfig-mapper

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
https://bugology.intigriti.io/misconfig-mapper-docs
MIT License

Unsure if bug but reporting multiple false positives #8

Closed nopcorn closed 1 month ago

nopcorn commented 1 month ago

I ran a quick check against Slack and Google CloudStore. It found many (all?) issues, but confirming each one shows that a 404 was sent. Here's the output with a random company string:

$ ./misconfig-mapper -target "2948fy2we30d9jg" -service 4 -delay 1000
[+] Checking 49 possible target URLs...
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[+] 1 Google CloudStorage Bucket Misconfigured Read Permissions Instance found!
URL: https://2948fy2we30d9jg.storage.googleapis.com/
Service: Google CloudStorage Bucket Misconfigured Read Permissions
Description: GCP Storage Bucket can be left misconfigured and allow anyone to access files and objects potentially containing sensitive data if access permissions aren't properly enforced

References:
        - https://bugology.intigriti.io/misconfig-mapper-docs/services/google-cloud-storage-bucket/google-cloud-storage-bucket
        - https://cloud.google.com/storage/docs/access-control/making-data-public#buckets
        - https://cloud.google.com/storage/docs/public-access-prevention
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Connecting manually to that endpoint shows a 404:

$ curl -vvv -k https://2948fy2we30d9jg.storage.googleapis.com/
<snip>
< HTTP/2 404 
< content-type: application/xml; charset=UTF-8
< content-length: 133
< date: Fri, 10 May 2024 11:37:54 GMT
< expires: Fri, 10 May 2024 11:37:54 GMT
< cache-control: private, max-age=0
< server: UploadServer
< 
* Connection #0 to host 2948fy2we30d9jg.storage.googleapis.com left intact
<?xml version='1.0' encoding='UTF-8'?><Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist.</Message></Error>

Running the latest release on 64-bit Linux.

0xblackbird commented 1 month ago

Hi @nopcorn

Thank you for your feedback!

A more robust filter to check for misconfigured GCP read permissions will be included in the next release.

I will leave this issue open for now until a new release is available (probably before the end of this week).

0xblackbird commented 1 month ago

Hey @nopcorn!

A fix is available now! You can update your templates using the -update-templates flag:

./misconfig-mapper -update-templates

Thank you for your contributions!
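The false positive reported in this thread comes from treating any response from `<bucket>.storage.googleapis.com` as a finding. The sketch below is an added example, not the project's code or the fix shipped in its templates: it classifies the response by status code and XML root element so that only a 200 bucket listing is reported. The names `Verdict`, `Classify` and `gcsDoc` are hypothetical, and the 403 and 200 bodies are constructed samples; the 404 body is the one quoted in the report.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// Verdict and its values are hypothetical names for this example.
type Verdict string

const (
	PubliclyListable Verdict = "publicly-listable" // 200 + bucket listing
	NoSuchBucket     Verdict = "no-such-bucket"    // the false positive in this issue
	AccessDenied     Verdict = "access-denied"     // bucket exists, listing refused
	Inconclusive     Verdict = "inconclusive"      // anything else: do not report
)

// gcsDoc captures the root element name and, for error documents, <Code>.
type gcsDoc struct {
	XMLName xml.Name
	Code    string `xml:"Code"`
}

// Classify interprets the response to GET https://<bucket>.storage.googleapis.com/.
// Only a 200 whose body is a bucket listing counts as a finding.
func Classify(status int, body []byte) Verdict {
	var d gcsDoc
	if err := xml.Unmarshal(body, &d); err != nil {
		return Inconclusive // empty or non-XML body
	}
	switch {
	case status == 200 && d.XMLName.Local == "ListBucketResult":
		return PubliclyListable
	case status == 404 && d.XMLName.Local == "Error" && d.Code == "NoSuchBucket":
		return NoSuchBucket
	case status == 403 && d.XMLName.Local == "Error" && d.Code == "AccessDenied":
		return AccessDenied
	}
	return Inconclusive
}

// Body404 is the response quoted in the report; Body403 and Body200 are constructed.
const (
	Body404 = `<?xml version='1.0' encoding='UTF-8'?><Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist.</Message></Error>`
	Body403 = `<?xml version='1.0' encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access denied.</Message></Error>`
	Body200 = `<?xml version='1.0' encoding='UTF-8'?><ListBucketResult xmlns='http://doc.s3.amazonaws.com/2006-03-01'><Name>example-bucket</Name><Contents><Key>a.txt</Key></Contents></ListBucketResult>`
)

func main() {
	fmt.Println(Classify(404, []byte(Body404)), Classify(403, []byte(Body403)), Classify(200, []byte(Body200)))
}
```

Matching on both the status code and the parsed root element keeps a 200 error page or a 404 with an unrelated body out of the findings.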