amazon

3 articles
sort: new top best
clear filter
bug-bounty448 google354 microsoft311 facebook262 xss238 apple179 malware174 rce149 exploit124 bragging-post101 cve99 account-takeover93 phishing83 csrf79 privilege-escalation77 supply-chain65 stored-xss65 authentication-bypass63 dos60 browser57 reflected-xss57 react50 cloudflare49 cross-site-scripting48 reverse-engineering48 input-validation48 access-control47 aws45 docker45 smart-contract45 node44 sql-injection43 ethereum43 web343 defi42 web-security42 web-application41 ssrf38 burp-suite35 idor34 vulnerability-disclosure34 info-disclosure33 race-condition33 html-injection33 cloud32 writeup32 oauth32 buffer-overflow32 smart-contract-vulnerability32 information-disclosure30
0 2/10
How I found XSS on amazon
bug-bounty

A beginner bug bounty hunter discovered a Self-XSS vulnerability in Amazon's developer.amazon.com where Security Profile names were reflected in source code, which they escalated to a logout CSRF issue. The vulnerability was reported, triaged, and fixed within a week, though no monetary reward was offered per Amazon's policy.

xss cross-site-scripting self-xss csrf bug-bounty amazon developer-portal vulnerability-escalation bragging-post
Amazon developer.amazon.com Coding_Karma Karel_Origin Robert Smith
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 20 hours ago · details
0 8/10
Reflected XSS on amazon.com
vulnerability

A reflected XSS vulnerability on Amazon's masclient endpoint (/gp/masclient/dp/) allows attackers to inject arbitrary HTML/JavaScript by exploiting insufficient input validation and capitalization of product IDs. The author demonstrates cookie theft and session hijacking via SVG onload attributes with HTML entity encoding to bypass browser XSS protections.

reflected-xss xss cookie-theft html-injection amazon android-app apk-decompilation character-encoding-bypass xss-auditor-evasion svg-onload html-entity-encoding url-encoding jscrew jjencode octal-encoding phishing session-hijacking
amazon.com Jonathan Bouman Scroll.am Vue.js AWS Codestar AWS Lambda Chrome XSS Auditor Firefox jscrew.it jjencode
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 20 hours ago · details
0 5/10
Reflected XSS on amazon
bug-bounty

Researcher discovered a reflected XSS vulnerability on Amazon's ad system domain (ws-na.amazon-adsystem.com) via the tracking_id parameter, then bypassed Amazon's initial fix using an alternative payload technique.

reflected-xss amazon xss-bypass web-security parameter-injection bug-bounty
Amazon ws-na.amazon-adsystem.com newp_th
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 20 hours ago · details