akkiliON, posted October 1, 2022:
Hi. I found two XSS vulnerabilities in applications owned by Microsoft. One is in Outlook, and the second is in another application used and known by many... I can't give details at the moment because neither of them has been fixed so far... At least, I haven't received a duplicate on the reports I submitted. 🙂
1. XSS reflected (without user interaction) - [*].live.com:
2. XSS reflected (user interaction required) - Outlook:
I noticed that these domains are vulnerable as well: office365.com and live.com.
Nytro, posted October 1, 2022:
Nice, I'm curious how much they'll pay for them.
0xStrait, posted October 2, 2022:
Nice, congratulations! BTW (out of scope): https://api.partnercenter.microsoft.com/insights/v1/mpn/swagger/index.html?configUrl=https://pentesting.syzhack.com/swg/test.json
akkiliON, posted October 2, 2022:
On 10/1/2022 at 10:45 PM, Nytro said: "Nice, I'm curious how much they'll pay for them."
I'll come back with a message when I get any news.... It will surely take some time....
23 hours ago, GabrielRo said: "Congratulations! 👏"
Thanks!
4 hours ago, 0xStrait said: "Nice, congratulations! BTW (out of scope): https://api.partnercenter.microsoft.com/insights/v1/mpn/swagger/index.html?configUrl=https://pentesting.syzhack.com/swg/test.json"
I found this one too and wanted to report it for the HoF at least. If you found it too and they told you it's out of scope.... there's no point anymore.... 😅
3 hours ago, Zatarra said: "N00b, you found it and stopped"
Hey nO_Ob, who told you to sit around... get to work 😂
akkiliON, posted October 3, 2022 (edited):
"Thank you for taking the time to share your report. Based on the assessment from our engineering team, we have determined that your case 74XYZ is eligible for a US$3000.00 bounty award under the M365 Bounty Program. Congratulations!"
The vulnerability in [*].live.com. I got the message today. I didn't expect a response this quickly. 🙂
Later edit: They've also fixed it... LOL. I just checked 😅
abraxyss, posted January 2, 2023:
You forgot to say whether they paid you, aka is there any point in searching if they don't pay? For the HoF?
akkiliON, posted January 2, 2023 (edited):
@abraxyss - For the issue I found in Outlook, I didn't get any money. They told me it had been identified by someone else.
https://microsoft.com/en-us/msrc/bounty-online-services?rtc=1
Here you can find what is in scope.