19Şub
Man In The Middle Attack On File Uploads
I am using a web service (call it X) which allows files to be uploaded to AWS S3.
The way it works is that an initial call is made to X which then returns a list of file descriptors and also meta information which should be injected into the web form as hidden fields that the user is presented with to choose a file to upload. One of these hidden fields is the url of the S3 bucket where the file will be uploaded to.
When the user chooses a file and clicks submit the file is sent as byte streams to the S3 location.
I see two security concerns here:
- The url which is returned from calling X and then set as a hidden field in the form could be hijacked and substituted for another url of the hacker's choosing
- I am not sure if this is possible but the byte stream from the user's browser to the S3 bucket could be diverted?
Is this paranoia or actual real security concerns?
