Cross Site Scripting - XSS Vulnerability on

XSS Vulnerability on

XSS Vulnerability on

Well, this is my first finding on Microsoft. Actually this is a pretty old vulnerability, I found it in March 2014 but I was very lazy or what I don’t know, in writing the write-up for it. But finally made a mindset to share about it as soon as possible.

Directly coming to the point, it was a Cross Site Scripting vulnerability in one of Microsoft’s sub domain i.e.

Well, finding this vulnerability just came in mind while I was searching for a solution on their Forums for ‘Installing Visual Studio’. At last, I didn’t find a solution to my query but even didn’t end up empty handed. In fact, I ended up with this XSS vulnerability.

When I ended searching for solution in the Forums, I thought of getting my hands dirty on Bug Hunting. Below are the following steps I followed -
  1. I opened and in the search box, I entered the payload .
  2. Then the resulting URL was
  3. Then after crafting it, it was"> and opened it.
  4. Once again I came up with a search box, now I entered the payload and pressed Enter.
  5. Now this time I ended with a search result. So thought of trying it some other way. So I clicked on ‘Forums’ tab on the top of the page to start hunting again.
But Boom!! I got a pop-up.

Then after a few days of reporting it, I was just trying to check whether it’s patched or not. I tried the same procedure on my cell phone with ‘Symbian OS’. And it did show me the pop-up.

XSS Vulnerability on
*. Found : 11 March 2014 (12:20 am)
*. Reported : 11 March 2014 (2:35 am)
*. Fixed : 19 March 2014

Reward : Hall of Fame (Link)

Thanks for reading
Next Post »

Subscribe to our mailing list

* indicates required
Select your Interested Topics.