Home / exploitsPDF  

Amazon Simple Storage Service S3 - Open Redirect Vulnerability

Posted on 30 November -0001

<HTML><HEAD><TITLE>Amazon Simple Storage Service (S3) - Open Redirect Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY># Exploit Title: Amazon Simple Storage Service (S3) - Open Redirect Vulnerability # Google Dork: inurl:psiphon/landing-page-redirect/redirect.html?landingPage= # Date: 2017-03-30 # Exploit Author: Ghostman (iGhostm4n@Gmail.Com) # We Are: Zero Security Group # Vendor Homepage: https://aws.amazon.com/s3/ (https://s3.amazonaws.com) # Tested on: Ubuntu --------------------------------------------------------------------------------------- [ Description ] With this vulnerability, an attacker can instruct the user to dangerous road One of the risks of getting infected victim's machine. And we can accommodate different in Amazon Simple Storage Service, including Amazon (S3) observed. We have here one of those paths we have to prove its claim displayed The vulnerability exists in the sub-domains as you scope Amazon (Https: // s3.amazonaws.com) up into the main site (https://aws.amazon.com/s3/) is. --------------------------------------------------------------------------------------- [ Prof Of Concept ] https://s3.amazonaws.com/psiphon/landing-page-redirect/redirect.html?landingPage=http://Attacker-Url.php Unvalidated redirect and forward attacks can also be used to maliciously craft a URL that would pass the application's access control check and then forward the attacker to privileged functions that they would normally not be able to access. ---------------------------------------------------------------------------------------- Live Demo: https://s3.amazonaws.com/psiphon/landing-page-redirect/redirect.html?landingPage=https://twitter.com/ZeroSecOfficial ---------------------------------------------------------------------------------------- # Greetz : Sh4dow And My Pc # We Are:Sh4dow - Ghostman - SOLTAN SILENT - And All Member # Iranian Underground Researchers # https://telegram.me/ZeroSecOfficial </BODY></HTML>

 

TOP