XSS in Microsoft

May 18, 2018 · 1 min read

I did the usual recon process and found a subdomain of Microsoft (imagineacademy.microsoft.com) which faced an XSS (cross-site scripting) bug.

I reported it to Microsoft, following responsible disclosure measures, in the month of March.

After a few days, I received a confirmation mail from Microsoft stating: “A fix was confirmed for the issue you presented. Microsoft would like to recognize your efforts on our public security researcher acknowledgement page: ‘Security Researcher Acknowledgments for Microsoft Online Services’.”

This was my first bug report and achievement from Microsoft.

They have given me a security acknowledgement on their website (the hall of fame equivalent for Microsoft) and also swag (for another vulnerability, which I cannot disclose now).

The payload was a simple one: <svg/onload=alert(document.charset)>, in the search bar.

This is my first article on my findings.

I will continue to post updates on my further findings.

To receive updates, kindly follow me.
