Stored (Blind) XSS in Amazon Drive

I want to share my finding in an Amazon Drive link.

When I found stored XSS in Microsoft Outlook, I chose another random target: Amazon Drive.

You can find my previous blog post here: Stored (Blind) XSS in Microsoft Outlook.

OK let’s start….

I uploaded a file with the filename '"><img src=x onerror=alert(document.domain)>.jpg (with a .jpg extension).

But nothing happened on their website.

I thought to myself, “What if I share this drive folder or file?”

OK, let’s share this link, and the result is amazing.

They fixed it within just 6 hours. And I got nothing lol…… They have no bounty program.

That’s why Jeff Bezos is becoming the world’s richest man haha 🙂
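
A filename that is inert in the owner's view but runs on the shared link page is what you get when one rendering path skips output encoding. The sketch below is an added example, not code from this post or from Amazon; the renderer functions, the file object shape and the thumbnail URL are assumptions for illustration. It shows the unencoded and encoded renderings side by side, with a tag-count check that works as a regression test.

```javascript
// Added example: hypothetical share-page renderers, not Amazon's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can break out of HTML text or a quoted attribute.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable path: the stored filename is concatenated into markup as-is.
function renderShareItemUnsafe(file) {
  return '<li><img class="thumb" alt="' + file.name + '" src="' + file.thumbUrl + '">' +
         '<span class="name">' + file.name + '</span></li>';
}

// Hardened path: every user-controlled value is encoded at the point of output.
function renderShareItemSafe(file) {
  const name = escapeHtml(file.name);
  return '<li><img class="thumb" alt="' + name + '" src="' + escapeHtml(file.thumbUrl) + '">' +
         '<span class="name">' + name + '</span></li>';
}

// Regression check: list the opening tags present in the rendered markup.
// The template itself only ever emits li, img and span, in that order.
function openingTags(html) {
  return Array.from(html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g), (m) => m[1].toLowerCase());
}

// Constructed sample record; the name is the filename from the post,
// the thumbnail URL is a placeholder.
const SAMPLE_FILE = {
  name: `'"><img src=x onerror=alert(document.domain)>.jpg`,
  thumbUrl: '/thumb/constructed-id',
};

function demo() {
  return {
    unsafeTags: openingTags(renderShareItemUnsafe(SAMPLE_FILE)),
    safeTags: openingTags(renderShareItemSafe(SAMPLE_FILE)),
  };
}

console.log(demo());
```

Running the same check against every view that displays a filename (owner listing, shared link, thumbnails, notification e-mails) catches the case where only one of them misses the encoding step.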
