Member-only story
s3 bucket and firebase misconfigurtion Part-1
3 min readJun 9, 2025
HI everyone, i am back with another writeup……….
today i will explain the two vulnerabilities (both similar).
and also i will explain is it vulnerable or not..
ok,,, lets start of topic
- s3 bucket misconfiguration
- firebase misconfiguration.
first what is s3?
“An S3 bucket is a cloud-based storage container provided by Amazon Web Services (AWS) via its Simple Storage Service (S3).”
What is an S3 Bucket?
- Think of it like a folder in the cloud where you can store files (called objects).
- You can upload images, videos, documents, backups, etc.
- S3 buckets can be private (only you can access them) or public (anyone with a link can access).
Virtual-hosted–style URL (modern default)
https://my-bucket-name.s3.amazonaws.com/my-folder/image.jpgPath-style URL (older format, deprecated in most regions):
https://s3.amazonaws.com/my-bucket-name/my-folder/image.jpg
Signed S3 URL (temporary access)