CC Zone - Chip's Challenge Forum
Cross-Site-Scripting for downloads - Printable Version

Cross-Site-Scripting for downloads - H2O - 03-Nov-2017

All downloads in the download section on cczone currently seem to be affected by a script injection violating the same-origin policy!

This means either the site is currently compromised by a virus or there is a serious bug in the client-side code:

The sanitized origin of the attack is s3.amazonaws.com.

Edit: Since the whole site is running on Amazon Simple Storage Service via CloudFront, it's most likely a bug in the site's code, not using the correct URI.