Jump to content
Sign in to follow this  
H2O

Cross-Site-Scripting for downloads

Recommended Posts

All downloads in the download section on cczone currently seem to be affected by a script injection violating the same-origin policy!

This means either the site is currently compromised by a virus or a serious bug in the client side code:
The sanitized origin of the attack is s3.amazonaws.com.

Edit: Since the whole site is running on amazon simple storage service via cloudfront it's most likely a bug in the sites code, not using the correct uri.

 

  • Upvote 2

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×