Cross-Site-Scripting for downloads
#1
All downloads in the download section on cczone currently seem to be affected by a script injection violating the same-origin policy!

This means either the site is currently compromised by a virus or a serious bug in the client side code:

The sanitized origin of the attack is s3.amazonaws.com.

Edit: Since the whole site is running on amazon simple storage service via cloudfront it's most likely a bug in the sites code, not using the correct uri.
Reply


Messages In This Thread
Cross-Site-Scripting for downloads - by H2O - 03-Nov-2017, 12:10 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)