←back to thread

DoubleClickjacking: A New type of web hacking technique

(www.paulosyibelo.com)
237 points shinzub | 3 comments | 14 Jan 25 04:44 UTC | HN request time: 0.614s | source
1. joshfraser ◴[17 Jan 25 22:18 UTC] No.42743865[source]
Back in 2013 I discovered that you could use clickjacking to trick someone into buying anything you wanted from Amazon (assuming they were signed in). It took them almost a year to fix the issue. They never paid me a bounty.

https://onlineaspect.com/2014/06/06/clickjacking-amazon-com/

replies(2): >>42744403 #>>42744621 #
2. superq ◴[17 Jan 25 23:37 UTC] No.42744403[source]
On that note, https://github.com/aws/aws-codedeploy-agent/issues/30
3. paulpauper ◴[18 Jan 25 00:17 UTC] No.42744621[source]
Bug bounties are kind of a joke. they will invent almost any reason to not pay. it has to be something where the site is malfunctioning, not CSS tricks, which has to do with the browser , not the vendor. Clickjacking can work on any site, not just Amazon.