This is newp_th. This issue is very similar to my previous report on Reflected XSS on Stack Overflow.
It was much easier than before: just append a malicious payload “><script/k/>alert(113)</script/k/> to the parameter.
A few weeks after reporting this issue to the Amazon security team, I got a reply that the issue had been resolved and that I should verify it again. On further testing, I could easily bypass the fix using the payload “-confirm(1)-”.
Thanks for reading. I hope I will get time to write some more posts.
Timeline:
29-May-2018: Bug reported
29-May-2018: Bug confirmed by security team
25-June-2018: Bug Fixed
27-June-2018: Bypassed Fix
12-Dec-2018: Bug Resolved
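
The bypassed fix in the timeline above shows why filtering markup is not the same as encoding for the output context. The following is an added example, not code from the original post or from the affected site: the two payloads are the ones quoted in the post (with straight quotes), while the tag-stripping filter, the encoders and all function names are assumptions, since the post does not say how the fix worked or where the parameter was reflected.

```javascript
// Payloads quoted in the post; typographic quotes normalised to ".
const PAYLOADS = ['"><script/k/>alert(113)</script/k/>', '"-confirm(1)-"'];

// Assumed shape of an incomplete fix: drop anything that looks like a tag.
function stripTags(value) {
  return value.replace(/<[^>]*>/g, '');
}

// Encoder for HTML text and quoted attribute values.
function encodeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return value.replace(/[&<>"']/g, (c) => map[c]);
}

// Encoder for a value placed inside a JavaScript string literal:
// every non-alphanumeric UTF-16 code unit becomes \uXXXX.
function encodeJsString(value) {
  return value.replace(/[^A-Za-z0-9]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// True when a raw double quote survives, i.e. the value can still terminate
// the double-quoted attribute or string literal it is written into.
function breaksOutOfQuotes(rendered) {
  return rendered.includes('"');
}

// Run every payload through the weak filter and both encoders.
function report() {
  return PAYLOADS.map((p) => ({
    payload: p,
    afterStripTags: breaksOutOfQuotes(stripTags(p)),
    afterEncodeHtml: breaksOutOfQuotes(encodeHtml(p)),
    afterEncodeJsString: breaksOutOfQuotes(encodeJsString(p)),
  }));
}

console.log(report());
```

Inside an inline event-handler attribute the browser decodes HTML entities before the script runs, so a value there needs encodeJsString first and encodeHtml applied on top of it.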