237 points shinzub | 3 comments
1. joshfraser No.42743865

Back in 2013 I discovered that you could use clickjacking to trick someone into buying anything you wanted from Amazon (assuming they were signed in). It took them almost a year to fix the issue. They never paid me a bounty.

https://onlineaspect.com/2014/06/06/clickjacking-amazon-com/

replies(2): >>42744403 #>>42744621 #
2. superq No.42744403

On that note, https://github.com/aws/aws-codedeploy-agent/issues/30

3. paulpauper No.42744621

Bug bounties are kind of a joke. They will invent almost any reason to not pay. It has to be something where the site is malfunctioning, not CSS tricks, which has to do with the browser, not the vendor. Clickjacking can work on any site, not just Amazon.