all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Anatomy of a Reflected XSS: My Discovery on a Microsoft’s Subdomain

Add to bookmarks
March 17, 2023, 9:33 a.m. | Sawrav Chowdhury

InfoSec Write-ups - Medium infosecwriteups.com

A few days ago, while browsing the website visualstudio.microsoft.com[1], I performed some tests on that Microsoft’s subdomain to check for any potential vulnerabilities. After multiple attempts, I was unable to find any security flaws, except for a Self XSS issue on their second search bar on the download page. To explore further, I fetched the website’s archived links using Archivefinder[2], and discovered another search parameter(q). I tested this parameter using different payloads and various encodings, but …

bug bounty bugs cybersecurity discovery microsoft reflected xss subdomain xss xss-attack xss-vulnerability

Visit resource

More from infosecwriteups.com / InfoSec Write-ups - Medium

Private Interact.sh server setup with a web dashboard 1 day, 16 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking tools +1
Understanding 403 Bypass: A Critical Vulnerability in Web Application Security 2 days, 16 hours ago | infosecwriteups.com
403 bypass access application applications +28
Hack Stories: Hacking Hackers EP:3 3 days, 16 hours ago | infosecwriteups.com
big bug bounty cybersecurity hack +9
Mastering Shodan Search Engine 4 days, 17 hours ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity information security +1
Email Verification Bypass via Remember Me 4 days, 17 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking pentesting +1
Exploiting Symlinks: A Deep Dive into CVE-2024–28185 and CVE-2024–28189 of Judge0 Sandboxes 4 days, 17 hours ago | infosecwriteups.com
attacks code code execution continue +15
Typo Trouble: Exploring the Telegram Python RCE Vulnerability 4 days, 17 hours ago | infosecwriteups.com
address alerts application concept +25
Active DNS Recon using AXIOM 4 days, 17 hours ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity infosec +1
Information Disclosure: Story of 500€ + 400$ Bounty 4 days, 17 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking information technology +1

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Salesforce Solution Consultant

@ BeyondTrust | Remote United States
View on infosec-jobs.com

Divisional Deputy City Solicitor, Public Safety Compliance Counsel - Compliance and Legislation Unit

@ City of Philadelphia | Philadelphia, PA, United States
View on infosec-jobs.com

Security Engineer, IT IAM, EIS

@ Micron Technology | Hyderabad - Skyview, India
View on infosec-jobs.com

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States
View on infosec-jobs.com

Werkstudent Cybersecurity (m/w/d)

@ Brose Group | Bamberg, DE, 96052
View on infosec-jobs.com
View more jobs