Summary

  • A bug bounty hunter has found that database backups containing old data often remain on servers after they should have been removed, and are often unsecured and accessible.
  • This gave him the opportunity to find sensitive data that had long been deleted from the main databases but was still present in the backups.
  • He found these database dumps on Amazon S3 and Azure Blob storage and gained full access to all data in the backups, including user data and password hashes.
  • He found a .bak file that contained a full copy of the production database, and using this he found a critical severity SQL injection vulnerability that would give an attacker full access to the database.
  • He was able to use this to his advantage in a bug bounty program and was paid a significant reward for his findings.

By Iski
