xss in Microsoft mobile domain

Cookies xss in Microsoft mobile domain also it have xframe open vulnerability for click jacking

Domain: m.microsoft.com

Poc url steps for reproduce issue are same in both url so I am send both url and steps by using one of them

Poc urls :

1.        http://m.microsoft.com/showcase/en/US/Search.mspx?a=results&mid=3900&phrase=%5burl%3djavascript:alert(document.cookie)%5dClick%20here%20to%20see%20Result%5b/url%5d&Search=

2.       http://m.microsoft.com/showcase/en/US/search?pageindex=sv1:2&phrase=[url%3djavascript:alert%28document.cookie%29]click%20here%20and%20see%20your%20result[/url]

Vulnerable parameter: phrase=

Steps for reproduce issue

Poc url

http://m.microsoft.com/showcase/en/US/search?pageindex=sv1:2&phrase=[url%3djavascript:alert%28document.cookie%29]click%20here%20and%20see%20your%20result[/url]

when users use url .That give a result in Microsoft site like

Result is show click here to see result

When user click on that xss payload run its depend on you which type you want like alert , prompt or more harmful for users like steal cookies of users of Microsoft account

More like cookie xss

When I am more research on that I found that its also have click jacking vulnerability then I am use that also with xss now  

I am set new poc and make a site with some button when user come to my site and click on any button I can steal users cookie of Microsoft account with sessions

See how … that’s my site when come

User click on click here button

See what’s behind the click button

In behind a Microsoft site page in a frame by this an attacker can easily capture cookies of users

Thanks…….  Happy hunting

Poc By --  Jitendra Jaiswal

Facebook/desihack

twitter/jeetjaiswal22