First Valid BUG Finding At Microsoft And I Got the Acknowledgments Page Microsoft
Hi Everyone.
This time I would like to share an article about the findings of the XSS STORED Vulnerability in one of Microsoft Forum subdomains, namely https://powerusers.microsoft.com/ .
This is my first vulnerability finding in the Microsoft Security Response Center Program (MSRC). And at that time I tried to do an XSS search on all Microsoft subdomains, and the result I did not get any XSS there.
Finding 1 valid vulnerability opening was incredibly difficult, and I decided to just give up.
Until one day I found a post by another Bug Hunter Researcher on one of the Social Media Platforms that uploaded the XSS bug finding at Microsoft, it took me by surprise. Because it’s so easy for them to find XSS there. And that made me excited again to look for XSS there, until finally I found one of the Microsoft Forum subdomains in the form of https://powerusers.microsoft.com/.
At https://powerusers.microsoft.com/ I found many “POST QUESTIONS” upload features. Without waiting long, I tried to find XSS there.
Initially I tried POST QUESTIONS in URL :
In the Questions form I entered the XSS Payload in the “Subject” section.
Let’s see the result :
Turns out it’s not vulnerable. I tried POST QUESTIONS on another Form, and it’s the same, the TEXT output that carries the XSS payload in “Subject” is already sanitized or filtered.
Until finally I found one of the forms there, where the form displays the IFRAME of the Youtube Video. I think it might be vulnerable, because the TEXT output carrying the XSS payload is definitely not sanitized there.
Here’s the screenshot :
Let’s see the result :
Look, it turns out I was right. There Output Text carrying XSS content in the “Title” Form is not sanitized or filtered, so plain text carrying XSS content will be treated as HTML, then XSS is triggered.
Without waiting long, I then reported this finding to the MSRC Team via https://msrc.microsoft.com/create-report
It was great to find the first bug at Microsoft.
Timeline :
Report : Dec 6, 2021
Review/Repro : Dec 7, 2021
Develop : Dec 13, 2021
PreRelease : Jan 13, 2022
Complete : Jan 13, 2022