Hacker News new | past | comments | ask | show | jobs | submit login
Amazon packaging feedback cross-site scripting vulnerability (bitquark.co.uk)
36 points by bitquark on Aug 16, 2013 | hide | past | favorite | 7 comments



I've sometimes wondered if code I've worked on will ever make it onto HN.

This was not the preferred way ;)

Though in my defense, this code was written before I got there... But I'm pretty sure I've been through this exact code afterwards and never found the vulnerability.


Nice to meet you! There's always one that slips through the net ;-)


I reported a different vulnerability to Amazon a few days ago. I've gotten a case number, but haven't heard anything beyond that. It's nice to see their timeline and know that they are responding and fixing stuff.


I wonder why Amazon doesn't offer a bounty, even one that is a token amount.


People often whine more about a "token amount" more than they do a "thank you" in my experience.


I would be curious if the author would have investigated further if he knew for certain no monetary benefit would have been given by Amazon.


Of course! I did know for certain there was no monetary benefit. A t-shirt would have been nice, but I investigated for the fun of it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: