Wednesday, March 13, 2013


Amazon vulnerable to XSS flaw found by Security Researcher

  • Nauman Ashraf
  • Ali Hasan Ghauri, 14 years old, the youngest security researcher, found an XSS vulnerability on Amazon's main site (www.amazon.com). The vulnerability has been fixed by the Amazon security team.


    The security researcher told The Hackers Post that he reported the XSS flaw to the Amazon security team. He got an immediate response with appreciation, and the vulnerability was fixed by them.
    Amazon Security Team immediately patched the XSS flaw which was reported by me. They did not offer any reward to me because they don't have a bug bounty program.

    [#] - Website:
    http://www.amazon.com/

    [#] - Vulnerable link (POC):
    http://www.amazon.com/Thomas-Calculus-Multivariable-12th-George/dp/0321643690/%22ns=%22alert%280x000308%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert%28%22XSS%20By%20Ghauri%22%29%3C/script%3E
    [#] - Vulnerability Type:
    XSS (Cross Site Scripting)

    [#] - Status:
    Fixed [Critical]

    [#] - Tested on:
    Firefox 19.0.1
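The PoC link above percent-encodes markup that tries to close an attribute, an HTML comment, a style block and a script block before opening its own script element. As an added example (not from the original article or from Amazon), this Node.js sketch decodes that path and renders it into two assumed sinks to show which output encoding keeps it inert; the templates and function names are hypothetical, since the article does not say where the path was reflected.

```javascript
// Added example. Only the encoded path below comes from the article; the
// sinks are assumptions, because the page does not say where it was reflected.
const POC_PATH = "%22ns=%22alert%280x000308%27%22--%3E%3C/style%3E%3C/script%3E" +
  "%3Cscript%3Ealert%28%22XSS%20By%20Ghauri%22%29%3C/script%3E";

// What a server holds after URL-decoding the request path.
const decoded = decodeURIComponent(POC_PATH);

// Encoder for HTML text and quoted attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Encoder for a string literal inside an inline <script> block: JSON quoting
// plus \u escapes, so the HTML parser never sees "</script>" in the data.
function escapeJsString(s) {
  return JSON.stringify(s).replace(/[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Hypothetical sinks, one per output context.
const sinks = {
  attribute: (v) => `<link rel="canonical" href="/dp/${v}">`,
  script: (v) => `<script>var path = ${v};</script>`,
};

// Approximate count of <script> start tags in the rendered output.
function scriptTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

function audit() {
  return {
    attrRaw: scriptTags(sinks.attribute(decoded)),                     // 1: injected tag
    attrEncoded: scriptTags(sinks.attribute(escapeHtml(decoded))),     // 0
    scriptRaw: scriptTags(sinks.script(`"${decoded}"`)),               // 2: template + injected
    scriptJsonOnly: scriptTags(sinks.script(JSON.stringify(decoded))), // 2: "</script>" survives
    scriptEncoded: scriptTags(sinks.script(escapeJsString(decoded))),  // 1: template only
  };
}

console.log(decoded);
console.log(audit());
```

The `scriptJsonOnly` row is the case to watch in code review: JSON quoting stops the string breakout but still lets `</script>` end the block, so the `<` and `>` escapes are needed as well.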

    The youngest security researcher, Ali Hasan Ghauri, also found XSS vulnerabilities on OLX, eBay, Braintree Payments, GitLab and many more.

    [Screenshot: eBay PoC]

    eBay acknowledged his name on its Responsible Disclosure Acknowledgements page.
    GitLab also acknowledged his name in its Vulnerability Acknowledgement Disclosure.

    According to the security researcher, Braintree Payments sent him a cool T-shirt for finding bugs.
