Reflected XSS on

This is newp_th. This issue is very similar to my previous report on Reflected XSS on Stack Overflow.

It was much easier than before: just append the malicious payload "><script/k/>alert(113)</script/k/> to the parameter.

A few weeks after reporting this issue to the Amazon security team, I got a reply saying that the issue had been resolved and asking me to verify it again. On further testing, I could easily bypass the fix using the payload "-confirm(1)-".
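Why a fix that blocks the first payload can still let the second one through, shown as an added example (not code from the original post or from the vendor). It assumes the value is reflected inside a double-quoted JavaScript string, which the post does not state; stripTags is a hypothetical stand-in for an incomplete fix, and all function names are illustrative.

```javascript
// Constructed inputs: the two payloads quoted in the post (straight quotes).
const TAG_PAYLOAD = '"><script/k/>alert(113)</script/k/>';
const QUOTE_PAYLOAD = '"-confirm(1)-"';

// Hypothetical incomplete fix (assumption, not the vendor's code): remove tags only.
function stripTags(value) {
  return value.replace(/<[^>]*>/g, '');
}

// Encoder for HTML text and quoted attribute values (not enough inside a script).
function encodeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return value.replace(/[&<>"']/g, (c) => map[c]);
}

// Encoder for a JavaScript string literal: every UTF-16 code unit outside
// [A-Za-z0-9 ] becomes \uXXXX, so quotes, slashes and "<" never appear raw.
function encodeJsString(value) {
  return value.replace(/[^A-Za-z0-9 ]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Evaluate `return "<value>";` the way a page embedding the value in a
// double-quoted script string would, with alert/confirm replaced by a stub.
function evalInJsString(value) {
  let called = false;
  const stub = () => { called = true; return 0; };
  try {
    const result = new Function('alert', 'confirm', `return "${value}";`)(stub, stub);
    return { called, result };
  } catch (err) {
    return { called, result: null, error: err.name }; // literal no longer parses
  }
}

const bypass = evalInJsString(stripTags(QUOTE_PAYLOAD));
const fixed = evalInJsString(encodeJsString(QUOTE_PAYLOAD));
console.log('tag stripping:', bypass.called ? 'value ran as code' : 'inert');
console.log('JS string encoding:', fixed.called ? 'value ran as code' : 'inert');
console.log('attribute encoding:', encodeHtml(TAG_PAYLOAD));
```

The same two strings make a useful regression test for any fix: each one should come back as inert data in every context where the parameter is reflected.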

Thanks for reading. I hope I will get time to write some more posts.
