Stealing Amazon EC2 Keys via an XSS Vulnerability
On a recent engagement, our testers were faced with a single page web application which was used to generate PDF documents. This web application contained a multi-step form that ultimately let the user download a PDF document containing the details they had entered. As a user progressed through the form, the data entered would occasionally […]