The security researcher told The Hackers Post that he reported the XSS flaw to the Amazon security team. He received an immediate response with appreciation, and the vulnerability was fixed.
Amazon Security Team immediately patched the XSS flaw which was reported by me. They did not offer any reward to me because they don't have a bug bounty program.
[#] - Website:
http://www.amazon.com/
[#] - Vulnerable link (POC):
http://www.amazon.com/Thomas-Calculus-Multivariable-12th-George/dp/0321643690/%22ns=%22alert%280x000308%27%22-%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert%28%22XSS%20By%20Ghauri%22%29%3C/script%3E
[#] - Vulnerability Type:
XSS (Cross Site Scripting)
[#] - Status:
Fixed [Critical]
[#] - Tested on:
Firefox 19.0.1
The youngest security researcher, "Ali Hasan Ghauri", also found XSS vulnerabilities on OLX, eBay, BrainTree Payments, GitLab and many more.
eBay PoC screenshot:
eBay acknowledged his name on its Responsible Disclosure Acknowledgements page. GitLab also acknowledged his name in its Vulnerability Acknowledgement Disclosure.
According to the security researcher, BrainTree Payments sent him a cool T-shirt for finding bugs.