Comment by joshfraser

7 hours ago

Back in 2013 I discovered that you could use clickjacking to trick someone into buying anything you wanted from Amazon (assuming they were signed in). It took them almost a year to fix the issue. They never paid me a bounty.

https://onlineaspect.com/2014/06/06/clickjacking-amazon-com/

2 comments

joshfraser

superq 6 hours ago

On that note, https://github.com/aws/aws-codedeploy-agent/issues/30

paulpauper 5 hours ago

Bug bounties are kind of a joke. they will invent almost any reason to not pay. it has to be something where the site is malfunctioning, not CSS tricks, which has to do with the browser , not the vendor. Clickjacking can work on any site, not just Amazon.