I want share about my finding in amazon drive link.
When i found stored xss in microsoft outlook i choose another random target is amazon drive.
You can find my previous blog post here Stored(Blind) XSS in Microsoft outlook.
OK let’s start….
I upload filename with ‘”><img src=x onerror=alert(document.domain)>.jpg extension.
But nothing happened in their website.
I think myself “What if i share this drive folder or file?”…..
OK let’s share this link and the results is amazing..
They fixed within just 6 hours. And i got nothing lol…… They have no bounty program.
That’s why Jeff Bezos is becoming world richest man haha 🙂
Blog of Kyaw Min Thein 