(I'll use website.com in place of the actual domain as to not disclose any specific website vulnerability)
I noticed on a website that their crossdomain.xml file allowed access from another website with this code: <allow-access-from domain="*.website.com"/>
I knew this wasn't a vulnerability, but I checked on that domain that it gave access to, and I was able to take over one of their subdomains.
Now I took over m.website.com (it was an expired bucket) can I use it to send/receive HTTP requests/responses? (I don't want to actually take over the subdomain, but I want to answer this question so I can report it)
I was trying to figure this out myself but I really don't understand if it would work or not, since I'd technically be sending them from the S3 bucket.
