ZeroSec Discovers Open Redirect Vulnerability in Amazon Simple Storage Service (S3)

ZeroSec (https://t.me/ZeroSecOfficial) hacker Ghostman discovered an open redirect vulnerability in Amazon Simple Storage Service (S3). The vulnerability, which lies in how the Amazon subdomain s3.amazonaws.com is scoped into the main aws.amazon.com/s3, allows an attacker to send the victim to a different landing page than the one the victim expects to reach. An attacker could potentially craft a malicious URL that passes the access control check unhindered, and may then be able to access privileged functions that are normally blocked.

The vulnerability is registered here: https://cxecurity.com/issue/WLB-2017030252
