| ▲ | joshfraser 7 hours ago | |
Back in 2013 I discovered that you could use clickjacking to trick someone into buying anything you wanted from Amazon (assuming they were signed in). It took them almost a year to fix the issue. They never paid me a bounty. https://onlineaspect.com/2014/06/06/clickjacking-amazon-com/ | ||
| ▲ | superq 5 hours ago | parent | next [-] | |
On that note, https://github.com/aws/aws-codedeploy-agent/issues/30 | ||
| ▲ | paulpauper 5 hours ago | parent | prev [-] | |
Bug bounties are kind of a joke. they will invent almost any reason to not pay. it has to be something where the site is malfunctioning, not CSS tricks, which has to do with the browser , not the vendor. Clickjacking can work on any site, not just Amazon. | ||