Multiple XSS in skype.com

medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 23 hours ago · bug-bounty
quality 6/10 · good
0 net
AI Summary

Researcher discovered multiple stored and blind XSS vulnerabilities in Skype subdomains (manager.skype.com and secure.skype.com) via unsanitized group_name parameter that could be exploited to escalate privileges, execute malicious scripts on other users, and achieve account takeover through credential/cookie theft.

Tags
xss stored-xss reflected-xss bxss input-sanitization microsoft skype account-takeover privilege-escalation cookie-theft bug-bounty
Entities
Jayateertha Guruprasad manager.skype.com secure.skype.com Microsoft XSSHunter CVE not provided
Multiple xss in *.skype.com (2) | by Jayateertha Guruprasad - Freedium Milestone: 20GB Reached We’ve reached 20GB of stored data — thank you for helping us grow! Patreon Ko-fi Liberapay Close < Go to the original Multiple xss in *.skype.com (2) PART 2: Jayateertha Guruprasad Follow ~2 min read · April 10, 2019 (Updated: October 30, 2022) · Free: Yes PART 2: So If you have read the part 1, You would have seen that I found a stored-self Xss in manager.skype.com which was getting escalated in the option("make the USER as admin of group_name") as group_name was not properly sanitized there. Here's what I did to affect other users,You just need to create a invite link and make a user join your group. Once ,the user joins your group ,You just need to make him as admin using the option I mentioned earlier.(requires no user interactions once he joins the group) Once user is made as admin ,He will now see the same option called ("make the USER as admin of group_name"), where the gropu_name was not sanitized and xss gets executed successfully on the user also!!! So It all ended??? No, I did more research and put a BXSS payload ">