A security Researcher , Gambit, has discovered Cross site scripting vulnerability in Microsoft official website.
He found the vulnerability last month and reported the vulnerabilities to the Microsoft.
"Well last month I was looking around on MSN.com and Microsoft.com I found two XSS vulnerabilities, one in each domain. I reported the vulnerabilities to the Microsoft security team and secured a spot on their acknowledgments page."Gambit said in his blog.
Microsoft listed his name in the 'Security Researcher Acknowledgments for Microsoft Online Services' page.
'asia.perf.glbdns.microsoft.com' page is vulnerable to XSS. Researcher managed to execute the XSS code in the page.
POC: "asia.perf.glbdns.microsoft.com/files/top.php?domain=<script>alert(/Gambit/)</script>"
He found the vulnerability last month and reported the vulnerabilities to the Microsoft.
"Well last month I was looking around on MSN.com and Microsoft.com I found two XSS vulnerabilities, one in each domain. I reported the vulnerabilities to the Microsoft security team and secured a spot on their acknowledgments page."Gambit said in his blog.
Microsoft listed his name in the 'Security Researcher Acknowledgments for Microsoft Online Services' page.
'asia.perf.glbdns.microsoft.com' page is vulnerable to XSS. Researcher managed to execute the XSS code in the page.
POC: "asia.perf.glbdns.microsoft.com/files/top.php?domain=<script>alert(/Gambit/)</script>"