ZeroSec Discover Open Redirect Vulnerability in Amazon Simple Storage Service (S3)

ZeroSec ( hacker Ghostman discovered an open redirect vulnerability in Amazon Simple Storage Service (S3). The vulnerability, which lies in scoping Amazon subdomain into the main, allows the attacker to draw the victim onto a different landing page than the one he thinks he will go to. This has the potential to allow the attacker to maliciously craft a URL that would allow the attacker to pass the access control check without prevention and then he maybe can access privilege functions that normally are blocked.

Registration of vulnerability is here:

Leave a Reply

Your email address will not be published. Required fields are marked *