Microsoft Open Redirect

Hey everyone out there! Here I come with an open redirect vulnerability on *.Microsoft.com :-) So in short, I'm going to tell you the whole story of how I got that shit.



The whole matter started when one of my best friends, "Aakash Kumar", got acknowledged on Microsoft :O I decided I need to come up on that list too :P

I was getting mad regarding the HoF of MS. Then I started getting subdomains :D and then I got a subdomain where I can make a tenant page on MS, and it has an open redirect, but I was afraid of getting an invalid for this issue. The URL is mentioned below.

http://<tenant>.mms.microsoft.com/returnUrl=anydomain.com 


Then I tried the same parameter on :-


The crafted link was:


And woah! It got redirected, and the best thing was it doesn't require any sign-in or anything, direct redirection to any domain @__@
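
A server-side check for the kind of returnUrl parameter described above, as an added example (not code from this post or from Microsoft): it accepts only local paths or hosts on an allow-list and falls back to a default for everything else. The function name `safe_return_url` and the example.com hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list; a real deployment would list its own hosts.
ALLOWED_HOSTS = {"portal.example.com", "login.example.com"}


def safe_return_url(value, allowed_hosts=ALLOWED_HOSTS, default="/"):
    """Return value if it is a safe redirect target, otherwise default."""
    if not value or value != value.strip():
        return default
    # Browsers treat "\" like "/" and drop tabs/newlines inside URLs,
    # so reject such input outright instead of trying to normalise it.
    if "\\" in value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return default
    try:
        parts = urlsplit(value)
        host = parts.hostname
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    # Local path: no scheme, no authority, exactly one leading slash.
    if not parts.scheme and not parts.netloc:
        if value.startswith("/") and not value.startswith("//"):
            return value
        return default  # bare "anydomain.com" and other relative forms
    # Absolute URL: http(s) only, exact host match, no userinfo part.
    if (parts.scheme in ("http", "https")
            and "@" not in parts.netloc
            and host in allowed_hosts):
        return value
    return default
```

The redirect handler calls this on the parameter before issuing the `Location` header, so an unrecognised target sends the user to the default page instead of an arbitrary domain.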


Bug timeline 

14 Feb : Bug found and reported
15 Feb : Case opened from MS
04 March : HoF + MSDN Subscription rewarded

3 comments:

  1. And we give a fuck ? asshole ? fucking idiot
    -Shubham Singh
