This blog post, the fourth in a series on hacking AWS Lambda functions, demonstrates how a simple file upload feature connected to Amazon S3 can lead to the compromise of AWS credentials and services. The article details an OS command injection vulnerability in a serverless application’s feedback form that allows attackers to execute commands within the Lambda runtime environment. By exploiting this vulnerability, the author extracts AWS credentials from the Lambda environment, highlighting the potential for severe security breaches. The post also discusses the implications of compromised cloud service permissions, particularly for AWS SES, where abuse could lead to phishing attacks and damage to email infrastructure. The article concludes by examining how Amazon Inspector can detect such vulnerabilities and emphasizes the importance of regular security audits and vulnerability scanning in cloud environments.