Anatomy of a Reflected XSS: My Discovery on a Microsoft’s Subdomain | allinfosecnews.com

Web: https://infosecwriteups.com/anatomy-of-a-reflected-xss-my-discovery-on-a-microsofts-subdomain-7a237aba4392?source=rss----7b722bfd1b8d---4

March 17, 2023, 9:33 a.m. | Sawrav Chowdhury

InfoSec Write-ups - Medium infosecwriteups.com

A few days ago, while browsing the website visualstudio.microsoft.com[1], I performed some tests on that Microsoft’s subdomain to check for any potential vulnerabilities. After multiple attempts, I was unable to find any security flaws, except for a Self XSS issue on their second search bar on the download page. To explore further, I fetched the website’s archived links using Archivefinder[2], and discovered another search parameter(q). I tested this parameter using different payloads and various encodings, but …

bug bounty bugs cybersecurity discovery microsoft reflected xss subdomain xss xss-attack xss-vulnerability

More from infosecwriteups.com / InfoSec Write-ups - Medium

MD2PDF — TryHackMe Walkthrough Writeup 1 day, 23 hours ago | infosecwriteups.com

tryhackme walkthrough writeup

How to Use SQLMap to Find SQL Injection Vulnerabilities 1 day, 23 hours ago | infosecwriteups.com

cybersecurity find hacking injection +5

A Hands-On Introduction To OWASP Top 10 2021 With TryHackMe 1 day, 23 hours ago | infosecwriteups.com

coding cybersecurity owasp owasp top 10 +5

Protecting Your iPhone from the Rising “Shoulder Surfing” Phone Theft Scheme 1 day, 23 hours ago | infosecwriteups.com

identity theft iphone mobile security phone +5

picoCTF writeup: Introductory web application injections 1 day, 23 hours ago | infosecwriteups.com

application ctf cybersecurity hacking +6

JWT Token Gatekeepers: Unleashing the Power of Secure Validation in Your Application 1 day, 23 hours ago | infosecwriteups.com

application coding cybersecurity jwt +6

Unveiling the Secrets: My Journey of Hacking Google’s OSS 1 day, 23 hours ago | infosecwriteups.com

bug bounty cybersecurity google hacking +5

How to Prevent Cross-Site Scripting (XSS) Attacks 1 day, 23 hours ago | infosecwriteups.com

attacks cross-site cross site scripting cybersecurity +6

Socket | Hack The Box Writeup/Walkthrough | By Md Amiruddin 3 days, 1 hour ago | infosecwriteups.com

box ctf-writeup cybersecurity hack +7

Product Security Architect / Red Team PenTester for AUTOSAR (m/w/d)

@ Bosch Group | Stuttgart, Germany

View on infosec-jobs.com

Cloud Security Engineer - 100% US REMOTE

@ Experian | Allen, TX, United States

View on infosec-jobs.com

System Security Analyst

@ Ashburn Consulting | Baltimore, MD, United States

View on infosec-jobs.com

Senior Advisor, Cyber

@ NielsenIQ | Chicago, IL, United States

View on infosec-jobs.com

Junior Application Security Engineer

@ Netcompany-Intrasoft | Athens, Greece

View on infosec-jobs.com

IT and process Control Security Architect

@ Statkraft | Oslo, Norway

View on infosec-jobs.com

Data Scientist, Sr. Consultant - Cybersecurity AI Research & Products

@ Visa | Ashburn, VA, United States

View on infosec-jobs.com

Senior Platform Security Engineer

@ Block | Melbourne, Australia

View on infosec-jobs.com

Snr Security Engineer (cloud)

@ Verisk | Málaga, Spain

View on infosec-jobs.com

Cybersecurity Analyst

@ Visa | Bengaluru, India

View on infosec-jobs.com

Information Security Engineer

@ ServiceNow | Orlando, FL, United States

View on infosec-jobs.com

Director of Cloud Security - 100% US REMOTE

@ Experian | Allen, TX, United States

View on infosec-jobs.com