Cross-Site-Scripting for downloads
#1
All downloads in the download section on cczone currently seem to be affected by a script injection violating the same-origin policy!

This means either the site is currently compromised by a virus or a serious bug in the client side code:

The sanitized origin of the attack is s3.amazonaws.com.

Edit: Since the whole site is running on amazon simple storage service via cloudfront it's most likely a bug in the sites code, not using the correct uri.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)