XSS Vulnerability in Amazon Developer Console
I’ve decided to migrate my personal blog made with Jekyll here on Medium, because I don’t have enough time to maintain it anymore. Medium seems a pretty fast and clean alternative that definitely handles social and SEO aspects of a blog better than me.
Everyone is talking about Amazon’s security today, so I’ve decided to publish an entry from my “old” blog that describes a security vulnerability I found last year in Amazon Developer Console.
Whats’s Amazon Developer Console?
It’s the place where you can manage and publish apps in Amazon’s App Store. They recently added a new service like Google Play Games called GameCircle to add on your app more gaming related features like achievements and shared leaderboards, so I decided to investigate on it.
I decided to go back and edit the name again when…
Yes, my code was executed! The problem was in a string below the real name as you can clearly see in latest screenshot. Also the XSS was stored in Amazon servers: it was executed every time the user clicked on the GameCircle configuration.
12:48 - Issue reported at firstname.lastname@example.org.
14:54 - Amazon answered me on Twitter.
19:20 - Fix released (pretty fast). Amazon asked me to confirm if the fix was correctly implemented.
Here’s a screenshot of the page after Amazon’s patch.
A video of the attack is also available on YouTube:
Unlucky neither Amazon.com nor Amazon Web Services have a bounty program or an Hall of Fame at the moment.