Amazon Bypass Open Redirect

When I first tried to find a loophole in Amazon, I found this station, URL A parameter caught my attention:

From this variable name I can daydream this is the page after the jump

I started building a proof-of-concept for this.

I found that if you simply enter the URL (for example, ? failed

Doesn’t mean it’s not going to work out, I’ll try. Use the “//” symbol to bypass

But using //symbol to bypass > ?sourceUrl=// Success

Finally “ // “ bypassing, the final POC is

Poc Payload: //

This is my private video demonstration Poc:


  • 2017/02/01 12:32 Provide vulnerability details to Amazon Security Team
  • 2017/02/01 02:44 Receive automatic response
  • 2017/02/02 08:04 Receive response from Matt that inspection is in progress
  • 2017/03/17 1:26 Received the Amazon Security Team (Matt) reply: Yes, it fixes