Amazon Simple Storage Service (S3) - Open Redirect Vulnerability

2017.03.29
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-601

# Exploit Title: Amazon Simple Storage Service (S3) - Open Redirect Vulnerability # Google Dork: inurl:psiphon/landing-page-redirect/redirect.html?landingPage= # Date: 2017-03-30 # Exploit Author: Ghostman (iGhostm4n@Gmail.Com) # We Are: Zero Security Group # Vendor Homepage: https://aws.amazon.com/s3/ (https://s3.amazonaws.com) # Tested on: Ubuntu --------------------------------------------------------------------------------------- [ Description ] With this vulnerability, an attacker can instruct the user to dangerous road One of the risks of getting infected victim's machine. And we can accommodate different in Amazon Simple Storage Service, including Amazon (S3) observed. We have here one of those paths we have to prove its claim displayed The vulnerability exists in the sub-domains as you scope Amazon (Https: // s3.amazonaws.com) up into the main site (https://aws.amazon.com/s3/) is. --------------------------------------------------------------------------------------- [ Prof Of Concept ] https://s3.amazonaws.com/psiphon/landing-page-redirect/redirect.html?landingPage=http://Attacker-Url.php Unvalidated redirect and forward attacks can also be used to maliciously craft a URL that would pass the application’s access control check and then forward the attacker to privileged functions that they would normally not be able to access. ---------------------------------------------------------------------------------------- Live Demo: https://s3.amazonaws.com/psiphon/landing-page-redirect/redirect.html?landingPage=https://twitter.com/ZeroSecOfficial ---------------------------------------------------------------------------------------- # Greetz : Sh4dow And My Pc # We Are:Sh4dow - Ghostman - SOLTAN SILENT - And All Member # Iranian Underground Researchers # https://telegram.me/ZeroSecOfficial


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top