When I first tried to find a loophole in Amazon, I found this site, and a parameter in its URL caught my attention:
https://primenow.amazon.com/onboard?sourceUrl=%2F
From the variable name, I could guess that this is the page the user is sent to after the redirect.
I started building a proof-of-concept for this.
I found that simply entering a URL (for example, ?sourceUrl=facebook.com) failed.
That doesn’t mean it can’t work, so I tried the “//” symbol as a bypass, and ?sourceUrl=//facebook.com succeeded.
With the “//” bypass, the final PoC is:
PoC payload:
https://primenow.amazon.com/onboard?sourceUrl=//facebook.com
https://primenow.amazon.com/onboard?sourceUrl=//Your_Website.com
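Why ?sourceUrl=//facebook.com gets through where ?sourceUrl=facebook.com does not, as an added example that is not part of the original post and not Amazon's code: a browser reads a leading "//" as a scheme-relative URL, so a check that only looks for a leading slash accepts it. The names naiveIsLocal and safeRedirectTarget are hypothetical, the weak check is an assumed stand-in that reproduces the behaviour described above, and the sample inputs are constructed.

```javascript
// Added example. BASE uses the origin from the URLs on this page;
// all function names and sample inputs are hypothetical/constructed.
const BASE = "https://primenow.amazon.com";

// Hypothetical weak check: treats anything starting with "/" as a local path.
// Rejects "facebook.com" but accepts "//facebook.com".
function naiveIsLocal(target) {
  return typeof target === "string" && target.startsWith("/");
}

// Hardened check: resolve the value the way a browser would (WHATWG URL
// parsing), then require the result to stay on our own origin.
// Returns a same-origin path, or the default "/" when the target leaves the site.
function safeRedirectTarget(target, base = BASE) {
  if (typeof target !== "string") return "/";
  let resolved;
  try {
    resolved = new URL(target, base);
  } catch {
    return "/"; // unparsable input falls back to the default page
  }
  if (resolved.origin !== new URL(base).origin) return "/";
  // Rebuild from parsed parts so only path, query and fragment survive.
  return resolved.pathname + resolved.search + resolved.hash;
}

// Constructed inputs: one legitimate path plus variants of the "//" trick.
const SAMPLES = [
  "/",                    // default value seen on the page (%2F)
  "/cart?x=1#top",        // ordinary local path (constructed)
  "//facebook.com",       // scheme-relative URL from the write-up
  "/\\facebook.com",      // backslash is treated like "/" for http(s) URLs
  " //example.org",       // leading whitespace is stripped by URL parsers
  "https://facebook.com", // absolute URL
  "javascript:alert(1)",  // non-http scheme, origin is "null"
];

function compare(samples = SAMPLES) {
  return samples.map((s) => ({
    input: s,
    naive: naiveIsLocal(s),
    safe: safeRedirectTarget(s),
  }));
}

console.table(compare());
```

The second and third columns of the printed table show where the two checks disagree: every row the weak check accepts but the hardened one maps back to "/" is an off-site redirect.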
Timeline
- 2017/02/01 12:32 Provided vulnerability details to the Amazon Security Team
- 2017/02/01 02:44 Received automatic response
- 2017/02/02 08:04 Received response from Matt that inspection is in progress
- 2017/03/17 1:26 Received reply from the Amazon Security Team (Matt): Yes, it is fixed