Web: https://infosecwriteups.com/anatomy-of-a-reflected-xss-my-discovery-on-a-microsofts-subdomain-7a237aba4392?source=rss----7b722bfd1b8d---4

March 17, 2023, 9:33 a.m. | Sawrav Chowdhury

InfoSec Write-ups - Medium infosecwriteups.com

A few days ago, while browsing the website visualstudio.microsoft.com[1], I performed some tests on that Microsoft subdomain to check for any potential vulnerabilities. After multiple attempts, I was unable to find any security flaws, except for a Self XSS issue on their second search bar on the download page. To explore further, I fetched the website’s archived links using Archivefinder[2], and discovered another search parameter (q). I tested this parameter using different payloads and various encodings, but …

