Amazon S3 Open Redirect

2017-03-30T00:00:00
ID PACKETSTORM:142007
Type packetstorm
Reporter Ghostman
Modified 2017-03-30T00:00:00

Description

                                        
                                            `# Exploit Title: Amazon Simple Storage Service (S3) - Open Redirect Vulnerability  
# Google Dork: inurl:psiphon/landing-page-redirect/redirect.html?landingPage=  
# Date: 2017-03-29  
# Exploit Author: Ghostman (iGhostm4n@Gmail.Com)  
# My Team: Zero Security Group  
# Vendor Homepage: https://aws.amazon.com/s3/ (https://s3.amazonaws.com)  
# Tested on: Ubuntu  
---------------------------------------------------------------------------------------  
[ Description ]  
  
With this vulnerability, an attacker can instruct the user to dangerous road  
One of the risks of getting infected victim's machine.  
And we can accommodate different in Amazon Simple Storage Service, including Amazon (S3) observed.  
We have here one of those paths we have to prove its claim displayed  
The vulnerability exists in the sub-domains as you scope Amazon  
(Https: // s3.amazonaws.com) up into the main site (https://aws.amazon.com/s3/) is.  
---------------------------------------------------------------------------------------  
[ Prof Of Concept ]  
https://s3.amazonaws.com/psiphon/landing-page-redirect/redirect.html?landingPage=http://Attacker-Url.php  
Unvalidated redirect and forward attacks can also be used to maliciously craft a URL that would pass the applicationas access control check and then forward the attacker to privileged functions that they would normally not be able to access.  
----------------------------------------------------------------------------------------  
Live Demo:  
  
https://s3.amazonaws.com/psiphon/landing-page-redirect/redirect.html?landingPage=https://twitter.com/ZeroSecOfficial  
  
----------------------------------------------------------------------------------------  
# Greetz : Sh4dow And My Pc  
# We Are:Sh4dow - Ghostman - SOLTAN SILENT - And All Member  
# Iranian Underground Researchers  
# https://telegram.me/ZeroSecOfficial  
  
`