Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
homakov
on Feb 28, 2017
|
parent
|
context
|
favorite
| on:
Ask HN: Is S3 down?
Was just pentesting it, and have some minor result. If you are using S3 browser uploads, make sure parameters you supply to Presign do not contain \n or it can lead to format injection
https://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthenti...
Many aws SDK libs don't remove \n for you.
(I hope it wasn't me who broke it lol)
buildbuildbuild
on Feb 28, 2017
[–]
"Was just pentesting it" ... hopefully with their permission. Be careful.
homakov
on Feb 28, 2017
|
parent
[–]
It wasnt heavy pentesting, just some params jungling. No way it could cause anything :) still funny coincidence
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
Many aws SDK libs don't remove \n for you.
(I hope it wasn't me who broke it lol)