AWS Lab: SQL Injection in Lambda Function Exploited to Escalate IAM Privileges
A security lab writeup details how a SQL injection flaw in an AWS Lambda function was exploited to escalate IAM privileges and retrieve a secret from AWS Secrets Manager. Using the Pacu framework, researchers enumerated IAM roles and identified a key invoker role they were permitted to assume via sts:AssumeRole. After assuming the role and enumerating Lambda functions in us-east-1, they downloaded the function's source code and discovered it concatenated user input directly into a SQLite query without sanitization. By injecting a payload that bypassed a public policy visibility check, the researchers tricked the function into attaching the privileged SecretAccessPolicy to their user. This granted them direct access to the target secret, demonstrating how unsanitized inputs in cloud functions can lead to full privilege escalation.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in