undefined | Better HN

0 pointshomakov9y ago0 comments

Was just pentesting it, and have some minor result. If you are using S3 browser uploads, make sure parameters you supply to Presign do not contain \n or it can lead to format injection https://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthenti...

Many aws SDK libs don't remove \n for you.

(I hope it wasn't me who broke it lol)

0 comments

2 comments · 1 top-level

buildbuildbuild9y ago· 1 in thread

"Was just pentesting it" ... hopefully with their permission. Be careful.

homakovOP9y ago

It wasnt heavy pentesting, just some params jungling. No way it could cause anything :) still funny coincidence

j / k navigate · click thread line to collapse