LocalTapiola: Amazon Bucket Accessible (http://inpref.s3.amazonaws.com/)

2016-05-10T13:42:35
ID H1:137487
Type hackerone
Reporter xmly
Modified 2016-05-12T21:43:22

Description

Searching through the source code of your homepage shows a few http://inpref.s3.amazonaws.com/ URLS. I assume that you own this s3 Amazon bucket. The problem here is, visiting that amazon bucket on a browser will shows the files on the bucket, whilst a secure bucket would bring up an access denied page. I have attached Screenshots showing Hackerone's bucket compared to your bucket to show you what a secure bucket looks like and where the bucket is being used in your source code.