XSS Vulnerability on Microsoft.com
Well, this is my first finding on Microsoft. Actually, this is a pretty old vulnerability: I found it in March 2014, but I was very lazy, or I don’t know what, about writing the write-up for it. But I finally made up my mind to share it as soon as possible.
Coming directly to the point, it was a Cross-Site Scripting vulnerability in one of Microsoft’s subdomains, i.e. social.technet.microsoft.com.
Well, the idea of finding this vulnerability came to mind while I was searching their Forums for a solution for ‘Installing Visual Studio’. In the end, I didn’t find a solution to my query, but I didn’t end up empty-handed either. In fact, I ended up with this XSS vulnerability.
When I finished searching for a solution in the Forums, I thought of getting my hands dirty with bug hunting. Below are the steps I followed:
- I opened http://social.technet.microsoft.com/Search/en-US and in the search box, I entered the payload .
- Then the resulting URL was http://social.technet.microsoft.com/Search/en-US?query=&ac=4.
- Then, after crafting it, it was http://social.technet.microsoft.com/Search/en-US?payload"> and I opened it.
- Once again I came up with a search box; now I entered the payload and pressed Enter.
- This time I ended up with a search result, so I thought of trying it some other way. So I clicked on the ‘Forums’ tab at the top of the page to start hunting again.
Then, a few days after reporting it, I was just trying to check whether it was patched or not. I tried the same procedure on my cell phone with ‘Symbian OS’, and it did show me the pop-up.
PoC:
Timeline
- Found: 11 March 2014 (12:20 am)
- Reported: 11 March 2014 (2:35 am)
- Fixed: 19 March 2014
Reward: Hall of Fame (Link)