Xss in Microsoft
I have done the usual recon process and found a subdomain of microsoft (imagineacademy.microsoft.com) ,which faced XSS(cross side scripting) bug..
I had reported the same following responsible disclosure measures to microsoft ,in the month of march.
After few days,I received a confirmation mail from Microsoft stating that a –“ A ﬁx was conﬁrmed for the issue you presented. Microsoft would like to recognize your eﬀorts on our public security researcher acknowledgement page: “Security Researcher Acknowledgments for Microsoft Online Services”. “
This was my first bug report and achievement from Microsoft.
They have provided me security acknowledgement in their website(hall of fame equivalent for microsoft) and also swag(for other vulnerabilty,which i cannot disclose now).
The payload was simple one :<svg/onload=alert(document.charset)>,in the search bar.
This is my first article on my findings…..
I will continue to update my further finding,
To receive updates kindly follow me up.