Thread: Since @amazon have fixed this, let me tell you a story of how they’ve been leaking unreleased books for god knows how long. A proper blog post will be coming later this week, but here’s a small “preview”.
As you might be aware, Amazon has a nice feature where they allow you to preview a small portion of the book you’re about to buy before the purchase. It looks something like this:
If you look closely you will also notice the search bar on the right side. Under that search bar you will see the list of results. The result I’m getting is from page 73, which according to the nice warning message in the middle shouldn’t be accessible. With a small excerpt. Nice.
With a crude Ruby script I was able to automate this API call and in under an hour I had almost 3 MB of these excerpts from the book. I started with a fairly small list of unique keywords and then, whatever result I got, I divided it in half and searched for that phrase.
That gave me some extra words both before and after the searched phrase. This gave me a list of search results of overlapping phrases, as such:
The actual stitching of the individual lines together was the hardest part (which in the end turned out to be trivial). Using an LCS algorithm I was able to combine them into readable text:
Here’s a comparison with the real page from Amazon: close, isn’t it?
A few things to note: there was no rate limiting on this API endpoint, so at one point I had over 400 threads making a few requests per second. Sometimes a request would fail, but I could just replay it and it would work just fine.
Amazon treated this very seriously: under a week from the initial contact to the final fix. The first hotfixes started appearing in under 12 hours. Overall their security team is A+ but…
Amazon has no bug bounty program. So even if this saved their ass, I didn’t even get a lousy t-shirt. Upon learning that, I considered releasing this without prior report to Amazon. Unfortunately this vulnerability would mostly hurt the authors and not the actual culprit.
Also, this thread is full of typos and grammar errors, it’s morning, don’t @ me.
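The two weaknesses the thread describes, as an added Python example that is neither Amazon's nor the author's code: a toy "search inside the book" handler that returns excerpts from any page, beside a hardened version that searches only the preview pages and caps requests per client. The book pages, page numbers, preview range and limits are constructed.

```python
# Added example, not Amazon's code: a toy "search inside the book" handler
# showing the two gaps the thread describes (excerpts returned from pages
# outside the preview, and no rate limiting) beside a hardened version.
# The pages, page numbers, preview range and request limits are constructed.
import re
from collections import defaultdict

BOOK = {  # constructed sample: page number -> page text
    1: "It was a bright cold day in April and the clocks were striking thirteen.",
    2: "The second page is still part of the free sample shown before purchase.",
    73: "Chapter twelve holds the twist: the butler had the secret key all along.",
}
PREVIEW_PAGES = {1, 2}   # pages a shopper may read before buying
CONTEXT = 20             # characters of context returned on each side of a hit

def excerpt(text, phrase, width=CONTEXT):
    m = re.search(re.escape(phrase), text, re.IGNORECASE)
    return None if m is None else text[max(0, m.start() - width):m.end() + width]

def search_vulnerable(phrase):
    """Searches every page and returns an excerpt for each hit, including
    pages the viewer refuses to display. Repeated overlapping queries can
    then stitch those excerpts back into the unreleased text."""
    hits = [(page, excerpt(text, phrase)) for page, text in BOOK.items()]
    return [(page, snip) for page, snip in hits if snip is not None]

class FixedWindowLimiter:
    """Per-client request cap over a fixed time window (constructed policy)."""
    def __init__(self, limit, window_seconds):
        self.limit, self.window = limit, window_seconds
        self.counts = defaultdict(int)   # (client, window index) -> requests

    def allow(self, client, now):
        key = (client, int(now // self.window))
        self.counts[key] += 1
        return self.counts[key] <= self.limit

LIMITER = FixedWindowLimiter(limit=30, window_seconds=60)

def search_hardened(phrase, client, now, allowed=PREVIEW_PAGES):
    """Applies the same page authorization as the viewer plus a per-client
    request cap. Only allowed pages are searched at all: even a bare
    'found on page 73' answer would be a one-bit oracle per query."""
    if not LIMITER.allow(client, now):
        return {"error": "rate limited", "hits": []}
    hits = [(page, excerpt(text, phrase)) for page, text in BOOK.items()
            if page in allowed]
    return {"error": None, "hits": [h for h in hits if h[1] is not None]}
```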