Anatomy of a Reflected XSS: My Discovery on a Microsoft Subdomain
2023-3-17 17:33:30 Author: infosecwriteups.com

A few days ago, while browsing the website visualstudio.microsoft.com[1], I performed some tests on that Microsoft subdomain to check for any potential vulnerabilities. After multiple attempts, I was unable to find any security flaws, except for a Self XSS issue in the second search bar on their download page. To explore further, I fetched the website's archived links using Archivefinder[2] and discovered another search parameter (q). I tested this parameter using different payloads and various encodings, but all the payloads were sanitized. Continuing my investigation, I tested some payloads on the same parameter on one of their regional sites using different encodings, but all attempts failed. Finally, I tried a double URL-encoded payload on that regional website, which successfully executed a Reflected Cross-Site Scripting (RXSS)[3].
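Why a double URL-encoded value can pass a sanitizer that a single-encoded one cannot, as an added illustration that is not code from the post or from the affected site (whose server-side logic is not public). The handler ordering, the `q`-style sample values and the helper names are assumptions made for the demonstration.

```python
"""Illustrates a sanitize-before-decode ordering bug versus the decode-then-escape fix.
Added example; the pipeline below is assumed for illustration, not the site's real code."""
import html
from urllib.parse import unquote

# Constructed sample values for a reflected search parameter: the same harmless
# markup, URL-encoded once and twice. A double-encoded value contains only
# letters, digits and '%' after one round of decoding, so an HTML escaper that
# runs at that point has nothing to escape.
SINGLE_ENCODED = "%3Cb%3Ehi%3C%2Fb%3E"
DOUBLE_ENCODED = "%253Cb%253Ehi%253C%252Fb%253E"


def handle_vulnerable(raw_query_value: str) -> str:
    """Assumed vulnerable ordering: the web framework decodes the query string
    once, the application HTML-escapes it, and a later rendering step decodes
    it a second time. The second decode reintroduces '<' and '>' that the
    escaper never saw."""
    framework_decoded = unquote(raw_query_value)   # first decode (framework)
    escaped = html.escape(framework_decoded, quote=True)  # sanitizer runs here
    return unquote(escaped)                         # second decode (renderer)


def handle_fixed(raw_query_value: str, max_rounds: int = 3) -> str:
    """Hardened ordering: decode until the value is stable (bounded so nested
    encoding cannot loop forever), then escape at the point of output so
    whatever survives decoding is inert in the HTML context."""
    value = raw_query_value
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return html.escape(value, quote=True)


def is_reflected_unescaped(rendered: str) -> bool:
    """Detection helper for a test suite: a reflected value that still holds a
    raw angle bracket will be parsed as markup by the browser."""
    return "<" in rendered or ">" in rendered
```

Running `handle_vulnerable` on both samples shows the single-encoded value comes out escaped while the double-encoded one is reflected as live markup; `handle_fixed` escapes both.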

Below are the steps I tried while finding this vulnerability:

Timeline:

◘ 2nd March 2023 — Report submitted through the MSRC Portal

◘ 2nd March 2023 — MSRC team confirmed and opened a case for this issue

◘ 10th March 2023 — MSRC team changed the status from Review / Repro to Develop

◘ 15th March 2023 — MSRC team changed the status from Develop to Fix

I always love to find security issues manually, because I believe that finding a security bug is like creating a work of art. Scanning for vulnerabilities using publicly available tools is only useful for a limited time period and in specific circumstances; manual finding, on the other hand, helps researchers increase their knowledge in different areas.


Source: https://infosecwriteups.com/anatomy-of-a-reflected-xss-my-discovery-on-a-microsofts-subdomain-7a237aba4392?source=rss----7b722bfd1b8d--bug_bounty