hackyzh
hackyzh
Nov 4 · 2 min read

Now I want to write an article about my exploiting Microsoft vulnerabilities. Because I am too lazy, I have never used to write articles. Now I try to share the vulnerability I have find.

This vulnerability exists in azure devops services. Because each vendor’s criteria are different, the handling of the vulnerability is different. Microsoft’s handling of this vulnerability is not fixed today, and will be fixed in the future.However, I still want to share some inspirations when I am doing Microsoft’s bug bounty project.

The vulnerability exists in this link https://dev.azure.com/hackyzh/xss/_settings/boards-external-integration#, and select “GitHub connections”, then select “GitHub Enterprise Server”.Finally enter the url in the selection box.How about this vulnerability? Is it very simple? As long as you are careful, you will find this vulnerability.

input payload url

Eventually this page will return some information.

169.254.169.254
127.0.0.1:80

Timeline :

  1. 15— September— 2019 : Report the issue to MSRC
  2. 17 — September— 2019 : MSRC open case #54027
  3. 10— October— 2019 : Consult the details of this issue
  4. 12 — October— 2019 : listed as a moderate severity
  5. 25 — October— 2019 : would not be eligible for bounty
  6. 31— October — 2019 : MSRC decided to fix this is in a future release
  7. — Now: publish

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade