In the name of Allah the beneficent the Merciful.
A few months ago I discovered a CSRF issue in Microsoft's account family feature that could have let me add any Microsoft user as a family member and then track their information.
This was a serious issue in https://account.microsoft.com/family#/
Through this bug I could have made the victim accept a family member invitation without any verification on their side.
Proof of Concept steps:
Suppose the attacker has two emails, attacker@outlook.com and attacker1@outlook.com, and the victim has one email, victim@outlook.com.
1) Log in as attacker@outlook.com, go to https://account.microsoft.com/family#/ and add victim@outlook.com as your child in the family member section.
2) Then add attacker1@outlook.com as a child as well.
3) Microsoft sends an email with an invitation to accept to both accounts, attacker1@outlook.com and victim@outlook.com.
4) Now the attacker goes to the attacker1@outlook.com mailbox and looks for the invitation email. The link in it looks like this:
https://account.microsoft.com/family/invite-accept?invitationToken=ABQAFgEU1tvx-TFV0tYsdJFrOsNUa36IKGoOZgAADIAAABCKaYH-hI1ydg-ig5HcA8dywADb-R160uVY7cZdQyz65YRGk3hGQkUlI1rVLOOeXBsf5RFBm6Bf2LMTK604r6imsrAgMJqoA1UfWcBz4ceTBqc23iNphZRB3y1pWBXNxiSKh-CbKbzSQSaO8e7SUbSxujDbUDLtlulRuE5bc5afNnhIFIa6lM1sDghHj5kYt0nPcNqLJeVqNUdykXnUe4WRf9H9e7kzZUyqbPHYs69kAAJJY1oSF8dniMEG7x_JwkVzpOGkXCaZdwt_xJsxYjjAS7kgADrHkgB0cOsFV-fLJ9FlKXgfdtyMOHUXn4tl-4TTLGxD&cid=934985687410854638&email=YXR0YWNrZXIxQG91dGxvb2suY29t&ma=0&lang=en-US
5) In the above link, look at the parameter email=. Its value is the base64 encoding of attacker1@outlook.com.
6) So the attacker now base64-encodes the victim's email address instead, i.e. base64(victim@outlook.com) is dmljdGltQG91dGxvb2suY29t, and replaces the email parameter with it. The link then becomes:
https://account.microsoft.com/
dmljdGltQG91dGxvb2suY29t&ma=0&
7) Now, when the above link is given to victim@outlook.com, it asks them for confirmation.
Okay, not bad, but there is a way around that as well :)
Just append matchAccount=true to the above URL, and it becomes:
https://account.microsoft.com/
dmljdGltQG91dGxvb2suY29t&ma=0&
8) Perfect. Now, when the above link is given to victim@outlook.com, the CSRF is performed without any verification from them, and victim@outlook.com is confirmed as a child of attacker@outlook.com.
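The steps above boil down to two server-side mistakes: the account being enrolled was taken from the link's own email parameter rather than from the record the invitation token points to, and a flag in the same link could suppress the confirmation step, so a single GET from the victim's browser completed the state change. The following added example (mine, not Microsoft's code or the post's own) is an assumed in-memory model that replays the scenario against a handler with that behaviour and against a hardened one. The store, the Session class, the function names and the exact strings returned are all assumptions; only the parameter names (invitationToken, email, matchAccount) and the sample addresses come from the write-up.

```python
import base64
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed in-memory invitation store: token -> invitation record.
# Assumed model of the server side; not Microsoft's code.
INVITATIONS: Dict[str, dict] = {}


@dataclass
class Session:
    """The account the browser is logged in as, plus a per-session CSRF token."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(16))


def issue_invitation(organizer: str, invitee: str) -> str:
    """Create an invitation and record server-side whom it was issued to."""
    token = secrets.token_urlsafe(32)
    INVITATIONS[token] = {"organizer": organizer, "invitee": invitee, "accepted": False}
    return token


def build_link_params(token: str, email: str, match_account: bool) -> dict:
    """Query parameters in the shape the write-up shows: token, base64 email, match flag."""
    return {
        "invitationToken": token,
        "email": base64.b64encode(email.encode()).decode(),
        "matchAccount": "true" if match_account else "false",
    }


def accept_vulnerable(session: Session, params: dict) -> str:
    """Assumed model of the behaviour the write-up describes, kept for contrast:
    the link's email parameter decides which account is enrolled, and the link's
    matchAccount flag decides whether a confirmation step is shown at all."""
    inv = INVITATIONS.get(params.get("invitationToken", ""))
    if inv is None:
        return "invalid token"
    claimed = base64.b64decode(params["email"]).decode()
    if claimed != session.user:
        return "email mismatch"
    if params.get("matchAccount") != "true":
        return "confirmation required"
    inv["accepted"] = True          # state change on a plain GET, no user action
    return f"accepted: {session.user} is now a child of {inv['organizer']}"


def accept_hardened(session: Session, params: dict, method: str,
                    form_csrf: Optional[str] = None) -> str:
    """Hardened acceptance: the invitee comes from the server-side record the
    token points to, never from the link, and the state change happens only on
    an explicit POST that carries the session's own CSRF token."""
    inv = INVITATIONS.get(params.get("invitationToken", ""))
    if inv is None:
        return "invalid token"
    if inv["invitee"] != session.user:
        return "rejected: invitation was not issued to this account"
    if method != "POST" or form_csrf != session.csrf_token:
        return "confirmation required"   # the GET only renders the confirm page
    inv["accepted"] = True
    return f"accepted: {session.user} is now a child of {inv['organizer']}"


def demo() -> dict:
    """Replay the write-up's scenario against both handlers and return the outcomes."""
    organizer, real_invitee, victim_addr = (
        "attacker@outlook.com", "attacker1@outlook.com", "victim@outlook.com")
    victim = Session(victim_addr)
    # Invitation issued to attacker1, link rewritten with the victim's email
    # and matchAccount=true, then opened by the victim (as in steps 6-8).
    tok1 = issue_invitation(organizer, real_invitee)
    tampered = build_link_params(tok1, victim_addr, match_account=True)
    vulnerable = accept_vulnerable(victim, tampered)
    tok2 = issue_invitation(organizer, real_invitee)
    tampered2 = build_link_params(tok2, victim_addr, match_account=True)
    hardened_tampered = accept_hardened(victim, tampered2, "GET")
    # The genuine invitee still succeeds, but only after an explicit POST.
    legit = Session(real_invitee)
    hardened_get = accept_hardened(legit, tampered2, "GET")
    hardened_post = accept_hardened(legit, tampered2, "POST", legit.csrf_token)
    return {"vulnerable": vulnerable, "hardened_tampered": hardened_tampered,
            "hardened_get": hardened_get, "hardened_post": hardened_post}


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:18} -> {outcome}")
```

The point of the hardened handler is that nothing in the link is trusted for authorization: the token is only a lookup key, the invitee comes from the stored record, and a GET can never complete the enrollment. A client-supplied flag such as matchAccount therefore has nothing to bypass.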
Impact of Vulnerability:
The impact of this bug was very serious. The attacker would have been able to see the victim's activity, their history and web browsing, block websites for them, etc.
Microsoft has fixed the issue and acknowledged me as a security researcher.
It is now no longer possible to add just anyone as a family member.
I am very happy to have helped protect the privacy of Microsoft users' data.
Here is CTF key : 596f755f676f745f696e746f5f626c6f67
Thanks for Reading
Jai Hind :)
Contact info :
facebook : facebook.com/haji.mohd871
twitter : @mohdhaji24
linkedin : linkedin.com/in/mohd-haji-490960a0