Stored XSS on techprofile Microsoft

medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 10 hours ago · bug-bounty
AI Summary

A stored XSS vulnerability was discovered on Microsoft's TechProfile platform where unsanitized user input in profile fields could execute arbitrary JavaScript in victims' browsers, potentially leading to account takeover and privilege escalation. The vulnerability was reported on April 28, 2019 and patched by May 8, 2019.

Stored XSS on Techprofile Microsoft: Details to Reproduce
Mohammad Ali Syarief · ~2 min read · May 9, 2019 (Updated: December 9, 2021)

Stored XSS occurs when a web application gathers input from a user which might be malicious, and then stores that input in a data store for later use. The input that is stored is not correctly filtered.

** Introduction

Profile on Microsoft Learn: Introducing a new approach to learning. The skills required to advance your career and earn your spot at the top do not come easily. Now there's a more rewarding approach to hands-on learning that helps you achieve your goals faster. Earn points, levels, and achieve more!

** The bug

Vulnerability: Stored XSS (Stored Cross-Site Scripting)
Severity: High
OWASP rank: OTG-INPVAL-002

Vulnerable link on profile: https://techprofile.microsoft.com/en-us/[profile]

** Scenario POC

1. Attacker edits their profile on https://techprofile.microsoft.com/en-us/edit
2. Set the XSS payload in a profile field
3. Victim views the attacker's profile
4. Cookie is sent to the attacker's server

** Impact

Users can execute arbitrary JavaScript code in the context of other users. This is critical when targeted users have high privileges. Attackers are then able to grant themselves administrator privileges and even take over the ownership of the New Relic account. The hacker selected the Cross-site Scripting (XSS) — Stored weakness. This vulnerability type requires contextual information from the hacker.
** Remediation

To protect against stored XSS attacks, make sure any dynamic content coming from the data store cannot be used to inject JavaScript on a page.

References: https://www.owasp.org/index.php/Testing_for_Stored_Cross_site_scripting_(OTG-INPVAL-002)

** Timeline

28/04/2019 ~ Report vulnerability
30/04/2019 ~ Open case
08/05/2019 ~ Patched / Fixed

#security #bug-bounty #microsoft
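The remediation advice in the write-up (dynamic content from the data store must not be able to inject JavaScript) as an added worked example in JavaScript. This is not code from the original post or from Microsoft's TechProfile; the `storedProfile` record, its field names, the sample payload, and the `escapeHtml`, `safeUrl`, `renderProfileUnsafe` and `renderProfileSafe` helpers are all constructed here for illustration. It shows the vulnerable rendering pattern (stored strings concatenated straight into markup) beside the hardened one (contextual output encoding at render time, plus scheme validation for the URL context, which escaping alone does not cover).

```javascript
// Added example: contextual output encoding for stored profile fields.
// Not code from the original post or from Microsoft; names are assumptions.

// Constructed profile record, as it might come back from the data store.
// The displayName and website fields carry sample stored-XSS-style input
// (constructed test data) so the two renderers can be compared.
const storedProfile = {
  displayName: 'Ali <script>alert(1)</script>',
  bio: 'Security researcher & "bug" hunter <b>bold</b>',
  website: 'javascript:alert(1)',
};

// Map of the five characters that matter in HTML text and attribute context.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a value for insertion into HTML text or a double-quoted attribute.
// Encoding happens at output time, not when the profile is stored, so the
// data store keeps the raw value and every rendering path encodes it itself.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// URL context needs more than HTML escaping: "javascript:" survives escaping
// untouched. Parse the value and allow only http(s) schemes; anything else
// (including unparseable input) becomes an empty href.
function safeUrl(value) {
  try {
    const url = new URL(String(value));
    if (url.protocol === 'http:' || url.protocol === 'https:') {
      return url.href;
    }
  } catch (_) {
    // fall through: not a parseable absolute URL
  }
  return '';
}

// Vulnerable pattern: stored strings are concatenated directly into markup,
// so whatever a user saved in the edit form is emitted as live HTML/JS.
function renderProfileUnsafe(profile) {
  return (
    `<h1>${profile.displayName}</h1>` +
    `<p>${profile.bio}</p>` +
    `<a href="${profile.website}">Website</a>`
  );
}

// Hardened pattern: every stored field is encoded for the context it lands
// in (text nodes and attributes via escapeHtml, the href via safeUrl first).
function renderProfileSafe(profile) {
  return (
    `<h1>${escapeHtml(profile.displayName)}</h1>` +
    `<p>${escapeHtml(profile.bio)}</p>` +
    `<a href="${escapeHtml(safeUrl(profile.website))}">Website</a>`
  );
}

// Side-by-side view of the two renderers on the constructed record.
console.log('unsafe:', renderProfileUnsafe(storedProfile));
console.log('safe:  ', renderProfileSafe(storedProfile));
```

The same stored value produces an executable `<script>` element from `renderProfileUnsafe` and inert `&lt;script&gt;` text from `renderProfileSafe`; the `javascript:` website becomes an empty `href` instead of a clickable script URL. Encoding is per context: the helper above covers HTML text and double-quoted attributes only, and a value placed inside an inline `<script>` block or a CSS property needs its own encoder. For the cookie-exfiltration step the write-up describes, marking session cookies `HttpOnly` and deploying a Content Security Policy that disallows inline scripts are defence-in-depth measures that limit the damage if an encoding gap is ever missed.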