all InfoSec news
Anatomy of a Reflected XSS: My Discovery on a Microsoft’s Subdomain
InfoSec Write-ups - Medium infosecwriteups.com
A few days ago, while browsing the website visualstudio.microsoft.com[1], I performed some tests on that Microsoft’s subdomain to check for any potential vulnerabilities. After multiple attempts, I was unable to find any security flaws, except for a Self XSS issue on their second search bar on the download page. To explore further, I fetched the website’s archived links using Archivefinder[2], and discovered another search parameter(q). I tested this parameter using different payloads and various encodings, but …
bug bounty bugs cybersecurity discovery microsoft reflected xss subdomain xss xss-attack xss-vulnerability