AWS Original Malicious Exploit


TL;DR: You can squat S3 bucket names.

Everyone and their uncle has a branded vulnerability website, why not me?

S3 buckets are unique across AWS. Try creating a bucket named "apple.com", you can't because I have already made it. To host a static website on S3 like this, you need to name your bucket after the website. The bucket hosting this website is awsome.pw and there's www.awsome.pw to redirect www.

If I know the name of your awesome website, I can create the bucket to prevent you from hosting it on AWS.

This is a serious Denial of Service vulnerability.

Why this?
Because every vulnerability needs a name, website and logo.

Why is the logo an omellete?
AWSome = AWS Omellete, gedit?

Credit:
  • Yell at this guy for wasting these few minutes of your life.
  • Webpage stolen from bettermotherfuckingwebsite.
  • Special thanks to Off-Off-Topic denizens for donating the logo and vuln name.


  • Made with ❤ using hand-crafted HTML.