How I got Microsoft Hall of Fame – Appin Indore

How I got Microsoft Hall of Fame

Hello Everyone

Recently I got into the Microsoft Hall of Fame.

The Microsoft Security Response Center (MSRC) acknowledges the security researchers who have helped make Microsoft online services safer by finding and reporting security vulnerabilities.


Today I’m going to share my journey of how I found this bug in one of the Microsoft-owned domains.

Vulnerable Domain: https://www.healthvault.com/en-us

Vulnerability: “Open Redirect Vulnerability”

My journey to finding this bug started when I stumbled upon https://www.healthvault.com/en-us and tried to find vulnerabilities on that domain.

First, I logged in to https://www.healthvault.com/en-us with valid credentials and went to the Basic Profile section, where we can make changes to our profile. There is a Cancel link there, and this is the link vulnerable to open redirect: in the Cancel Record request, the referrer parameter has the “Open Redirect” flaw:

https://account.healthvault.co.uk/Record/Cancel?referrer=%2f%2fwww.google.co.in

This redirects to another website; in the end it redirects to www.google.co.in, thus showing a redirection bug that is considered very critical because it may be used for phishing or to redirect the user to any malicious website.
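The following is an added example, not code from this post or from Microsoft: a sketch of how a server could validate a redirect parameter such as `referrer` before using it. The value `%2f%2fwww.google.co.in` decodes to `//www.google.co.in`, a scheme-relative URL that a browser resolves to an external host. The host name `account.example.test`, the function names, and the weak "starts with /" check shown for contrast are assumptions made for illustration.

```python
from urllib.parse import unquote, urlsplit

# Hypothetical application host for this sketch; not taken from the page.
APP_HOST = "account.example.test"


def naive_is_local(target: str) -> bool:
    """Weak check (assumed, for contrast): anything starting with '/' is local."""
    return unquote(target).startswith("/")


def is_safe_redirect(target: str, allowed_hosts=frozenset({APP_HOST})) -> bool:
    """Accept only rooted same-site paths or http(s) URLs on allowed hosts."""
    decoded = unquote(target)  # decode once, as a web framework would
    # Browsers treat '\' like '/' and drop some control characters, so
    # '/\host' can act like '//host'. Reject these instead of normalising.
    if "\\" in decoded or any(ch < " " or ch == "\x7f" for ch in decoded):
        return False
    if decoded != decoded.strip():
        return False
    try:
        parts = urlsplit(decoded)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: must be a rooted path and must not begin '//'.
        return decoded.startswith("/") and not decoded.startswith("//")
    if parts.scheme in ("http", "https"):
        return parts.hostname in allowed_hosts
    return False  # scheme-relative '//host', javascript:, data:, and so on


def resolve_redirect(target: str, fallback: str = "/") -> str:
    """Return the decoded target if it is safe, otherwise a fixed fallback."""
    return unquote(target) if is_safe_redirect(target) else fallback


if __name__ == "__main__":
    payload = "%2f%2fwww.google.co.in"  # value from the URL in the post
    print("naive check accepts:", naive_is_local(payload))
    print("strict check accepts:", is_safe_redirect(payload))
    print("redirect goes to:", resolve_redirect(payload))
```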

I’m going to share a video POC so that readers can understand it better.

I’ll share more information and tutorials about the Open Redirect vulnerability in my upcoming post.

Stay with us, and thanks.

Jafar Hasan

Appin Technology Lab, Indore
