Alibaba Cloud Storage Service Vulnerability Allows Unauthorized Data Uploads


A security researcher has documented a misconfigured Alibaba Cloud Object Storage Service (OSS) bucket that accepted unauthenticated uploads, allowing anyone on the internet to write objects into it.

The misconfiguration poses risks such as unauthorized data storage, overwriting of existing files, and, where the bucket is also publicly readable, exposure of sensitive data.

The issue is not a flaw in OSS itself but a bucket-level permission problem: the bucket's access settings allowed the HTTP PUT method for anonymous callers, so files could be uploaded without presenting any credentials.


Technical Breakdown of the Exploit

The discovery process, detailed by Muhammad Waseem, a security researcher, involved the following steps:

A 403 Forbidden response during routine web browsing signaled restricted access to a resource hosted on Alibaba Cloud OSS.

Using the Wappalyzer browser extension, the platform was confirmed to rely on Alibaba OSS for storage infrastructure. Burp Suite then intercepted the initial request; the server still responded with a 403, but identified the backend as AliyunOSS (OSS stamps its responses, including error responses, with a Server: AliyunOSS header).

The request was then changed to an HTTP PUT carrying a test JSON file (poc.json), and the server returned 200 OK, confirming that the upload had succeeded without any authentication.

(Screenshot: Testing the PUT method)

The uploaded file was then retrievable at https://target.com/poc.json, showing that the bucket was both anonymously writable and publicly readable, which is what makes the misconfiguration exploitable rather than merely a policy oversight.
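The steps above amount to a repeatable check: fingerprint the host, attempt an unauthenticated PUT of a probe object, read it back, and clean up. The script below is an added example written for this page, not code from the researcher or from Alibaba Cloud. The target URL https://target.example and the FakeBucket class are assumptions so the logic runs offline; the default transport uses real HTTP via urllib. It writes an object to the bucket, so only point it at assets you are authorised to test.

```python
"""Probe an OSS-backed host for anonymous PUT, the check the article describes.

Added example, not code from the original article or from Alibaba Cloud. The
target URL and the FakeBucket class are assumptions made so the logic can run
offline; the default transport uses real HTTP via urllib.
"""
import json
import secrets
import urllib.error
import urllib.request


def http_transport(method, url, body=None, headers=None):
    """Real transport: returns (status, headers, body) and never raises on 4xx/5xx."""
    req = urllib.request.Request(url, data=body, method=method, headers=headers or {})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), err.read()


def probe_anonymous_put(base_url, transport=http_transport):
    """Fingerprint the host, attempt an unauthenticated PUT, read it back, clean up."""
    result = {"oss": False, "put_status": None, "writable": False,
              "readable": False, "cleaned": False}

    # Step 1: even a 403 on the bare host carries "Server: AliyunOSS" on OSS.
    _, headers, _ = transport("GET", base_url + "/")
    server = {k.lower(): v for k, v in headers.items()}.get("server", "")
    result["oss"] = "aliyunoss" in server.lower()

    # Step 2: unique object name, so the probe can never overwrite a real file.
    name = f"poc-{secrets.token_hex(8)}.json"
    marker = json.dumps({"probe": name}).encode()
    url = f"{base_url}/{name}"
    status, _, _ = transport("PUT", url, body=marker,
                             headers={"Content-Type": "application/json"})
    result["put_status"] = status
    result["writable"] = 200 <= status < 300
    if not result["writable"]:
        return result

    # Step 3: the article's final check, the object is served back publicly.
    status, _, body = transport("GET", url)
    result["readable"] = status == 200 and body == marker

    # Step 4: remove the probe object; OSS answers a successful DELETE with 204.
    status, _, _ = transport("DELETE", url)
    result["cleaned"] = status in (200, 204)
    return result


class FakeBucket:
    """Offline stand-in for an OSS bucket (an assumption for the demo, not a real service).

    writable=True models the public-read-write misconfiguration; writable=False
    models a private bucket that still answers anonymous requests with 403.
    """

    def __init__(self, writable):
        self.writable = writable
        self.objects = {}

    def __call__(self, method, url, body=None, headers=None):
        hdrs = {"Server": "AliyunOSS", "x-oss-request-id": "constructed"}
        key = url.rsplit("/", 1)[1]
        if method == "PUT" and self.writable:
            self.objects[key] = body
            return 200, hdrs, b""
        if method == "DELETE" and self.writable:
            self.objects.pop(key, None)
            return 204, hdrs, b""
        if method == "GET" and key in self.objects:
            return 200, hdrs, self.objects[key]
        return 403, hdrs, b"<Error><Code>AccessDenied</Code></Error>"


if __name__ == "__main__":
    for writable in (True, False):
        print(probe_anonymous_put("https://target.example", FakeBucket(writable)))
```

The random object name matters: a fixed name such as poc.json could overwrite a file the site actually serves, which is exactly the file-overwriting risk described below. The "readable" result distinguishes a bucket that is merely writable (public-read-write) from one that also exposes its contents.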

(Screenshot: Misconfiguration exploit)

This vulnerability enables:

  • Unauthorized Data Storage: Attackers could host malicious content (malware, phishing pages) under the victim's trusted domain, or use the bucket as a drop point for stolen data.
  • File Overwriting: Existing objects, including operational data and served assets, could be replaced or destroyed, since an anonymous PUT to an existing object name overwrites it.
  • Data Breaches: Sensitive information might be exposed if the write misconfiguration is combined with public read access, as it was here.

Recommendations

To address these risks, organizations should:

  • Set the bucket ACL to private and grant access through least-privilege RAM (Alibaba Cloud's IAM) policies rather than bucket-wide public permissions.
  • Disable public write permissions (the public-read-write ACL, or bucket-policy statements granting write actions to an anonymous principal) unless explicitly required.
  • Enable Multi-Factor Authentication (MFA) for accounts that perform OSS operations.
  • Rotate AccessKey pairs regularly to limit the impact of credential leaks.
  • Use Alibaba Cloud's Security Center for real-time threat detection and configuration assessments.
  • Review OSS access logs for unexpected PUT/POST requests, especially successful ones from unauthenticated requesters.
  • Apply server-side encryption (SSE) or client-side encryption for sensitive data.
  • Use HTTPS exclusively for data transmission.
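Two of the recommendations above can be turned into concrete checks: auditing a bucket's ACL and bucket policy for anonymous write grants, and hunting the access logs for anonymous writes that actually succeeded. The script below is an added example written for this page, not code from the article or from Alibaba Cloud. The policy document follows the OSS bucket-policy shape (Version "1", Statements with Effect/Principal/Action/Resource); the log lines are constructed and their layout is modelled on the OSS access-log field order, so the field positions in the parser are an assumption to confirm against your own logging bucket.

```python
"""Audit a bucket for anonymous write grants and hunt access logs for anonymous writes.

Added example, not code from the original article or from Alibaba Cloud. The
log layout and every sample line are constructed; confirm field positions
against a real OSS logging bucket before relying on the parser.
"""
import re
from fnmatch import fnmatchcase

# Write-capable actions; a policy's Action entries may be wildcards such as
# "oss:*" or "oss:Put*", so each entry is matched as a pattern against these.
WRITE_ACTIONS = ("oss:PutObject", "oss:DeleteObject")


def acl_allows_anonymous_write(bucket_acl):
    """OSS bucket ACLs are private, public-read or public-read-write; only the last allows writes."""
    return bucket_acl == "public-read-write"


def anonymous_write_grants(policy):
    """Return (write_actions, resources) for each Allow statement granting writes to Principal "*"."""
    grants = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        principals = st.get("Principal", [])
        principals = [principals] if isinstance(principals, str) else principals
        if "*" not in principals:
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        writes = [a for a in actions if any(fnmatchcase(w, a) for w in WRITE_ACTIONS)]
        if writes:
            grants.append((writes, st.get("Resource", [])))
    return grants


# Common-log-style prefix, then the OSS-specific tail, which is split on spaces.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ \S+ '
    r'"[^"]*" "[^"]*" (?P<rest>.*)$'
)


def anonymous_successful_writes(lines):
    """Flag 2xx PUT/POST/DELETE requests whose RequesterAliyunID is "-" (no credentials)."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Assumed tail order: HostName RequestID LoggingFlag RequesterAliyunID Operation Bucket Object ...
        tail = m["rest"].split()
        if len(tail) < 7:
            continue
        requester, operation, bucket, obj = tail[3], tail[4], tail[5], tail[6]
        status = int(m["status"])
        if m["method"] in ("PUT", "POST", "DELETE") and 200 <= status < 300 and requester == "-":
            hits.append({"ip": m["ip"], "time": m["time"], "operation": operation,
                         "bucket": bucket, "object": obj, "status": status})
    return hits


# Constructed sample data: one public-write policy and four access-log lines.
PUBLIC_WRITE_POLICY = {
    "Version": "1",
    "Statement": [{
        "Effect": "Allow",
        "Principal": ["*"],
        "Action": ["oss:GetObject", "oss:PutObject"],
        "Resource": ["acs:oss:*:*:target-bucket/*"],
    }],
}

SAMPLE_LOG = [
    # anonymous PUT that succeeded: the misconfiguration being exploited
    '203.0.113.7 - - [03/Mar/2025:10:15:32 +0000] "PUT /poc.json HTTP/1.1" 200 0 12 "-" "curl/8.4.0" '
    'target-bucket.oss-cn-hangzhou.aliyuncs.com 65C5A0B1E2F3A4B5C6D7E8F9 true - PutObject target-bucket poc.json 18 9 - 245',
    # same operation by an authenticated RAM user: expected traffic
    '198.51.100.4 - - [03/Mar/2025:10:16:01 +0000] "PUT /release.tar.gz HTTP/1.1" 200 0 87 "-" "aliyun-sdk-python/2.18.0" '
    'target-bucket.oss-cn-hangzhou.aliyuncs.com 65C5A0B1E2F3A4B5C6D7E8FA true 1234567890123456 PutObject target-bucket release.tar.gz 5242880 80 - 5243011',
    # anonymous read of a public object: not a write
    '203.0.113.7 - - [03/Mar/2025:10:15:40 +0000] "GET /poc.json HTTP/1.1" 200 18 3 "-" "Mozilla/5.0" '
    'target-bucket.oss-cn-hangzhou.aliyuncs.com 65C5A0B1E2F3A4B5C6D7E8FB true - GetObject target-bucket poc.json 18 2 - 210',
    # anonymous PUT denied once the bucket ACL was set back to private
    '203.0.113.9 - - [03/Mar/2025:11:02:14 +0000] "PUT /evil.html HTTP/1.1" 403 287 4 "-" "curl/8.4.0" '
    'target-bucket.oss-cn-hangzhou.aliyuncs.com 65C5A0B1E2F3A4B5C6D7E8FC true - PutObject target-bucket evil.html 0 3 AccessDenied 412',
]

if __name__ == "__main__":
    print("public-read-write allows anonymous write:", acl_allows_anonymous_write("public-read-write"))
    print("policy grants anonymous writes:", anonymous_write_grants(PUBLIC_WRITE_POLICY))
    for hit in anonymous_successful_writes(SAMPLE_LOG):
        print("ALERT anonymous write:", hit)
```

The policy check matches wildcard actions as patterns, so a statement granting "oss:*" to an anonymous principal is caught as well as an explicit "oss:PutObject". The log check keys on the empty requester field rather than on the method alone: authenticated uploads are normal traffic, and denied anonymous PUTs (403) are the bucket working as intended, so neither should page anyone.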

While Alibaba OSS offers compliance certifications, encryption, and WORM (Write Once Read Many) retention policies, this incident underscores the shared responsibility model in cloud security: the provider secures the platform, but bucket ACLs and policies are the customer's to configure. Users must actively set those safeguards rather than relying on whatever the bucket was created with.
