akkiliON (Active Members), posted October 1, 2022

Hi. I found two XSS vulnerabilities in applications owned by Microsoft. One is in Outlook, and the second is in another application used and known by many... I can't give details for now because neither of them has been fixed so far... At least, I haven't received a duplicate on the reports I sent. 🙂

1. XSS reflected (without user interaction) - [*].live.com:
2. XSS reflected (user interaction required) - Outlook:

I noticed that these domains are vulnerable as well: office365.com and live.com.

Nytro, posted October 1, 2022

Nice, I'm curious how much they'll pay for them.

GabrielRo, posted October 1, 2022

Congratulations! 👏

0xStrait (Active Members), posted October 2, 2022

Nice, congratulations! BTW (out of scope): https://api.partnercenter.microsoft.com/insights/v1/mpn/swagger/index.html?configUrl=https://pentesting.syzhack.com/swg/test.json

Zatarra, posted October 2, 2022

N00b, you found them and then stopped

akkiliON (Active Members), posted October 2, 2022

On 10/1/2022 at 10:45 PM, Nytro said:
    Nice, I'm curious how much they'll pay for them.

I'll come back with a message when I get any news.... It will surely take some time....

23 hours ago, GabrielRo said:
    Congratulations! 👏

Thanks!

4 hours ago, 0xStrait said:
    Nice, congratulations! BTW (out of scope): https://api.partnercenter.microsoft.com/insights/v1/mpn/swagger/index.html?configUrl=https://pentesting.syzhack.com/swg/test.json

I found this one too and wanted to report it, for the HoF at least. If you found it as well and they told you it's out-of-scope.... there's no point anymore.... 😅

3 hours ago, Zatarra said:
    N00b, you found them and then stopped

Hey nO_Ob, who told you to sit around... get to work 😂

akkiliON (Active Members), posted October 3, 2022

Spoiler:
    Thank you for taking the time to share your report. Based on the assessment from our engineering team, we have determined that your case 74XYZ is eligible for a US$3000.00 bounty award under the M365 Bounty Program. Congratulations!

The vulnerability in [*].live.com. I received the message today. I wasn't expecting a reply this quickly. 🙂

Later edit: They've fixed it too... LOL. I just checked 😅

Edited October 3, 2022 by akkiliON

abraxyss, posted January 2, 2023

You forgot to say whether they paid you, aka is there any point in searching if they don't pay? For the HoF?

akkiliON (Active Members), posted January 2, 2023

@abraxyss - For the issue I found in Outlook, I didn't get any money. They told me it had been identified by someone else.

https://microsoft.com/en-us/msrc/bounty-online-services?rtc=1

Here you can find what is in scope.

Edited January 2, 2023 by akkiliON