Blast from the past: Cross Site Scripting on the AWS Console
Amazon Bug Bounty! Great news: Amazon is now offering bounties via a security vulnerabiltiy research program
Bad news: AWS is out of scope!
When I read this I remembered that a few years ago I found persistent Cross-Site-Scripting on the AWS Console.
This post is a write up on how I found the XSS back then, techniques I used and how they evolved over the years and Amazon’s response.
AWS Console and Cross Site Scripting The story is that I had just created an AWS account and started using the service.