Security Researcher, Fabian Cuchietti discovered XSS vulnerability in the Amazon Web Services(aws.amazon.com).
It seems that the vulnerability has been fixed by vendor, the admin managed to filter html codes by converting to html special characters. Anyway we are able to retrieve the mirror of the vulnerability from XSSed.com.
Mirror is available here:
http://www.xssed.com/mirror/77551/
POC:
https://aws.amazon.com/amis?ami_provider_id=4&architecture='%22--%3E%3C/style%3E%3C/script%3E%3Cscri
pt%3Ealert(0x015E00)%3C/script%3E&selection=ami_provider_id%2Barchitecture
It seems that the vulnerability has been fixed by vendor, the admin managed to filter html codes by converting to html special characters. Anyway we are able to retrieve the mirror of the vulnerability from XSSed.com.
Mirror is available here:
http://www.xssed.com/mirror/77551/
 |
| Screenshot of the vulnerability |
0 comments:
Post a Comment