XSS Bug in Amazon Gift Card Creation

I recently found an XSS bug in the Amazon Gift Card creation flow, and I am going to explain how it works.

Below is the URL for creating an Amazon Gift Card.


The url parameter is the base64-encoded URL. Once the gift card is created/cancelled, the page is redirected to that URL.
To open the link: Click here

I gave amF2YXNjcmlwdDphbGVydChkb2N1bWVudC5jb29raWUp as the url value, which is the base64 encoding of javascript:alert(document.cookie)


Screenshots:

[Image: XSS Bug in Amazon Gift Card creation]

So we can pass any JavaScript code (base64 encoded) as the url parameter.
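A server-side check that rejects this payload, as an added example (not Amazon's code and not part of the original post; the post does not say how the fix was implemented). The origin shop.example, the allowlist, the fallback path and the function name safeRedirectTarget are assumptions; it runs under Node.js.

```javascript
// Added example: origin, allowlist, fallback and names are assumptions.
const SITE_ORIGIN = "https://shop.example";      // hypothetical site origin
const ALLOWED_ORIGINS = new Set([SITE_ORIGIN]);  // hypothetical allowlist
const FALLBACK = "/";                            // safe default target

// Canonical base64 only. Buffer.from() silently skips invalid characters,
// so the alphabet and padding are checked explicitly before decoding.
const BASE64_RE =
  /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;

// Decode a base64 `url` parameter and return a redirect target that is safe
// to place in a Location header or assign to window.location.
function safeRedirectTarget(b64Param) {
  if (typeof b64Param !== "string" || b64Param.length === 0 ||
      !BASE64_RE.test(b64Param)) {
    return FALLBACK;
  }
  const decoded = Buffer.from(b64Param, "base64").toString("utf8");

  let target;
  try {
    // The WHATWG URL parser strips tabs, newlines and leading whitespace the
    // way a browser does, so the scheme seen here is the scheme that runs.
    // Relative paths resolve against the site's own origin.
    target = new URL(decoded, SITE_ORIGIN);
  } catch {
    return FALLBACK;
  }

  // Allowlist rather than blocklist: only https to a known origin passes,
  // so javascript:, data:, plain http and off-site hosts are all refused.
  if (target.protocol !== "https:" || !ALLOWED_ORIGINS.has(target.origin)) {
    return FALLBACK;
  }
  return target.href;
}
```

The decision is made on the parsed URL after decoding, never on the encoded string, so a filter in front of the application that inspects only the base64 text cannot substitute for it.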


I reported this bug to Amazon on 11th Feb 2016, and it was fixed on 16th Feb 2016. Unfortunately, Amazon does not give any bounty for security vulnerabilities. 🙁


Mail confirmation from Amazon:

[Image: XSS BUG amazon Gift card creation Fixed]