René's URL Explorer Experiment


Title: GitHub - bribes/awesome-msrc-writeups: 🐛 A list of writeups from the MSRC (Microsoft) Bug Bounty program · GitHub

Open Graph Title: GitHub - bribes/awesome-msrc-writeups: 🐛 A list of writeups from the MSRC (Microsoft) Bug Bounty program

X Title: GitHub - bribes/awesome-msrc-writeups: 🐛 A list of writeups from the MSRC (Microsoft) Bug Bounty program

Description: 🐛 A list of writeups from the MSRC (Microsoft) Bug Bounty program - bribes/awesome-msrc-writeups

Open Graph Description: 🐛 A list of writeups from the MSRC (Microsoft) Bug Bounty program - bribes/awesome-msrc-writeups

X Description: 🐛 A list of writeups from the MSRC (Microsoft) Bug Bounty program - bribes/awesome-msrc-writeups

Opengraph URL: https://github.com/bribes/awesome-msrc-writeups

X: @github

direct link

Domain: github.com

route-pattern/:user_id/:repository
route-controllerfiles
route-actiondisambiguate
fetch-noncev2:544ba698-e9ce-f764-1e26-d18c747c11f9
current-catalog-service-hashf3abb0cc802f3d7b95fc8762b94bdcb13bf39634c40c357301c4aa1d67a256fb
request-idA2CE:11BE9D:1B3149F:279FED0:6A4BC5BD
html-safe-nonce5e4ce00dacd65302d618ed8324a5c97d34e1be8c2023165f9e73c11136962891
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJBMkNFOjExQkU5RDoxQjMxNDlGOjI3OUZFRDA6NkE0QkM1QkQiLCJ2aXNpdG9yX2lkIjoiODM1NTUyNzEzMjg3NzQwNzY3NyIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9
visitor-hmac092f37b618b4046ba1fc1f9281afc4f7a1c0c4034a5608b5c8b371d19a710d1e
hovercard-subject-tagrepository:1019729767
github-keyboard-shortcutsrepository,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location//
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/bribes/awesome-msrc-writeups
twitter:imagehttps://opengraph.githubassets.com/41a35de44e434f9a8ae5d2b72edc0c141c16b5bd96b63ef578aa1d4eec837c98/bribes/awesome-msrc-writeups
twitter:cardsummary_large_image
og:imagehttps://opengraph.githubassets.com/41a35de44e434f9a8ae5d2b72edc0c141c16b5bd96b63ef578aa1d4eec837c98/bribes/awesome-msrc-writeups
og:image:alt🐛 A list of writeups from the MSRC (Microsoft) Bug Bounty program - bribes/awesome-msrc-writeups
og:image:width1200
og:image:height600
og:site_nameGitHub
og:typeobject
hostnamegithub.com
expected-hostnamegithub.com
None14aa00ce5bdb34d0eefb5facbffd7de9e144c688d8a93ef8df902d5f94b51dd7
turbo-cache-controlno-cache
go-importgithub.com/bribes/awesome-msrc-writeups git https://github.com/bribes/awesome-msrc-writeups.git
octolytics-dimension-user_id52789876
octolytics-dimension-user_loginbribes
octolytics-dimension-repository_id1019729767
octolytics-dimension-repository_nwobribes/awesome-msrc-writeups
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forktrue
octolytics-dimension-repository_parent_id234141449
octolytics-dimension-repository_parent_nwoxdavidhu/awesome-google-vrp-writeups
octolytics-dimension-repository_network_root_id234141449
octolytics-dimension-repository_network_root_nwoxdavidhu/awesome-google-vrp-writeups
turbo-body-classeslogged-out env-production page-responsive
disable-turbofalse
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
release58b8f89190447502561829f30862aa0a99d53367
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/bribes/awesome-msrc-writeups#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fbribes%2Fawesome-msrc-writeups
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub Copilot appDirect agents from issue to mergehttps://github.com/features/ai/github-app
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
View all resourceshttps://github.com/resources
GitHub SponsorsFund open source developershttps://github.com/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/accelerator
GitHub Starshttps://stars.github.com
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fbribes%2Fawesome-msrc-writeups
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E&source=header-repo&source_repo=bribes%2Fawesome-msrc-writeups
Reloadhttps://github.com/bribes/awesome-msrc-writeups
Reloadhttps://github.com/bribes/awesome-msrc-writeups
Reloadhttps://github.com/bribes/awesome-msrc-writeups
bribes https://github.com/bribes
awesome-msrc-writeupshttps://github.com/bribes/awesome-msrc-writeups
xdavidhu/awesome-google-vrp-writeupshttps://github.com/xdavidhu/awesome-google-vrp-writeups
Notifications https://github.com/login?return_to=%2Fbribes%2Fawesome-msrc-writeups
Fork 3 https://github.com/login?return_to=%2Fbribes%2Fawesome-msrc-writeups
Star 36 https://github.com/login?return_to=%2Fbribes%2Fawesome-msrc-writeups
Code https://github.com/bribes/awesome-msrc-writeups
Pull requests 0 https://github.com/bribes/awesome-msrc-writeups/pulls
Actions https://github.com/bribes/awesome-msrc-writeups/actions
Projects https://github.com/bribes/awesome-msrc-writeups/projects
Security and quality 0 https://github.com/bribes/awesome-msrc-writeups/security
Insights https://github.com/bribes/awesome-msrc-writeups/pulse
Code https://github.com/bribes/awesome-msrc-writeups
Pull requests https://github.com/bribes/awesome-msrc-writeups/pulls
Actions https://github.com/bribes/awesome-msrc-writeups/actions
Projects https://github.com/bribes/awesome-msrc-writeups/projects
Security and quality https://github.com/bribes/awesome-msrc-writeups/security
Insights https://github.com/bribes/awesome-msrc-writeups/pulse
https://github.com/bribes/awesome-msrc-writeups
Brancheshttps://github.com/bribes/awesome-msrc-writeups/branches
Tagshttps://github.com/bribes/awesome-msrc-writeups/tags
https://github.com/bribes/awesome-msrc-writeups/branches
https://github.com/bribes/awesome-msrc-writeups/tags
482 Commitshttps://github.com/bribes/awesome-msrc-writeups/commits/master/
https://github.com/bribes/awesome-msrc-writeups/commits/master/
.github/workflowshttps://github.com/bribes/awesome-msrc-writeups/tree/master/.github/workflows
.github/workflowshttps://github.com/bribes/awesome-msrc-writeups/tree/master/.github/workflows
infrahttps://github.com/bribes/awesome-msrc-writeups/tree/master/infra
infrahttps://github.com/bribes/awesome-msrc-writeups/tree/master/infra
README.mdhttps://github.com/bribes/awesome-msrc-writeups/blob/master/README.md
README.mdhttps://github.com/bribes/awesome-msrc-writeups/blob/master/README.md
writeups.csvhttps://github.com/bribes/awesome-msrc-writeups/blob/master/writeups.csv
writeups.csvhttps://github.com/bribes/awesome-msrc-writeups/blob/master/writeups.csv
READMEhttps://github.com/bribes/awesome-msrc-writeups
https://github.com/bribes/awesome-msrc-writeups#awesome-msrc-writeups
Awesome Google VRP Writeupshttps://github.com/xdavidhu/awesome-google-vrp-writeups
https://github.com/bribes/awesome-msrc-writeups#contributing
https://github.com/bribes/awesome-msrc-writeups#writeups
https://github.com/bribes/awesome-msrc-writeups#2025
Microsoft 365 Copilot – Arbitrary Data Exfiltration Via Mermaid Diagramshttps://www.adamlogue.com/microsoft-365-copilot-arbitrary-data-exfiltration-via-mermaid-diagrams-fixed/
*https://github.com/bribes/awesome-msrc-writeups
Adam Loguehttps://x.com/Adam_Logue
Microsoft Events Leak, Part II: Leaking Event Registration Database Againhttps://blog.faav.net/microsoft-events-leak-part-ii
*https://github.com/bribes/awesome-msrc-writeups
Faavhttps://x.com/efaav
Microsoft Events Leak, Part I: Leaking Event Registration and Waitlist Databaseshttps://blog.faav.net/microsoft-events-leak-part-i
*https://github.com/bribes/awesome-msrc-writeups
Faavhttps://x.com/efaav
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokenshttps://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/
*https://github.com/bribes/awesome-msrc-writeups
Dirk-jan Mollemahttps://x.com/_dirkjan
Cross-Tenant Access Exploit in Microsoft Entra ID: Breaking Governance with a simple trickhttps://medium.com/@bashir69emceeaka5/cross-tenant-access-exploit-in-microsoft-entra-id-breaking-governance-with-a-simple-trick-a06d88fe309e
*https://github.com/bribes/awesome-msrc-writeups
Bashir Mohamed (BlackPanther87)https://x.com/Panther82Black
Microsoft Partner Leak: Leaking Microsoft Employee PII and 700M+ Partner Recordshttps://blog.faav.net/microsoft-partner-leak
*https://github.com/bribes/awesome-msrc-writeups
Faavhttps://x.com/efaav
How a Simple Endpoint Earned Me a $7500 Bounty from Microsofthttps://medium.com/@gourisankara357/how-a-simple-endpoint-earned-me-a-7500-bounty-from-microsoft-1891a35d40be
*https://github.com/bribes/awesome-msrc-writeups
Gouri Sankar Ahttps://x.com/g0w6y
How I Found an XSS Vulnerability in a Microsoft subdomainhttps://medium.com/@anonymousshetty2003/how-i-found-an-xss-vulnerability-in-a-microsoft-subdomain-4abf0da5c3e9
*https://github.com/bribes/awesome-msrc-writeups
Arjun Shettyhttps://www.linkedin.com/in/arjun-shetty-255049229/
Break into any Microsoft building: Leaking PII in Microsoft Guest Check-Inhttps://blog.faav.net/break-into-any-microsoft-building
*https://github.com/bribes/awesome-msrc-writeups
Faavhttps://x.com/efaav
Triple Trouble: Bypassing Sanitization to Steal Microsoft Tokenshttps://melotover.medium.com/triple-trouble-bypassing-sanitization-to-steal-microsoft-tokens-d89a68be7ab2
*https://github.com/bribes/awesome-msrc-writeups
Asem Elerakyhttps://x.com/Melotover
Account takeover vulnerability in Azure’s API Management Developer Portalhttps://outpost24.com/blog/account-takeover-vulnerability-in-azures-api-management-developer-portal/
*https://github.com/bribes/awesome-msrc-writeups
Thomas Staceyhttps://x.com/t0xodile
Unveiling the Secrets: SSRF Adventures in Microsoft’s AI Playgroundhttps://poneglyph.cloud/unveiling-the-secrets-ssrf-adventures-in-microsofts-ai-playground/
*https://github.com/bribes/awesome-msrc-writeups
elhabtiesoufiane@gmail.comhttps://poneglyph.cloud/author/elhabtiesoufianegmail-com/
Escalating Impact: Full Account Takeover in Microsoft via XSS in Login Flowhttps://melotover.medium.com/escalating-impact-full-account-takeover-in-microsoft-via-xss-in-login-flow-f160fa79b008
*https://github.com/bribes/awesome-msrc-writeups
Asem Elerakyhttps://x.com/Melotover
https://github.com/bribes/awesome-msrc-writeups#2024
How I Accessed Microsoft’s ServiceNow — Exposing ALL Microsoft Employee emails, Chat Support Transcripts & Attachmentshttps://medium.com/@moblig/how-i-accessed-microsofts-servicenow-exposing-all-microsoft-employee-emails-chat-support-5f8d535eb63b
*https://github.com/bribes/awesome-msrc-writeups
Moblighttps://x.com/moblig_
From 401 — Unauthorized Access to 3000 $ Bounty from Microsoft.https://medium.com/@bashir69emceeaka5/from-401-unauthorized-access-to-3000-bounty-from-microsoft-53b086379a08
*https://github.com/bribes/awesome-msrc-writeups
Bashir Mohamed (BlackPanther87)https://x.com/Panther82Black
How I got a 5000 $ Bounty from Microsofthttps://medium.com/@bashir69emceeaka5/how-i-got-a-5000-bounty-from-microsoft-fb2e27fd40f7
*https://github.com/bribes/awesome-msrc-writeups
Bashir Mohamed (BlackPanther87)https://x.com/Panther82Black
Escalating from Reader to Contributor in Azure API Managementhttps://binarysecurity.no/posts/2024/09/apim-privilege-escalation
*https://github.com/bribes/awesome-msrc-writeups
Christian Hålandhttps://x.com/christianhland
Persistent XSS on Microsoft Bing.com by poisoning Bingbot indexinghttps://infosecwriteups.com/persistent-xss-vulnerability-on-microsoft-bings-video-indexing-system-a46db992ac7b
*https://github.com/bribes/awesome-msrc-writeups
Supakiad S. (m3ez)https://x.com/Supakiad_Mee
Dynamics 365 Business Central - A Journey With Ups and Downshttps://frycos.github.io/vulns4free/2024/07/10/dynamics-ups-and-downs.html
*https://github.com/bribes/awesome-msrc-writeups
Frycoshttps://x.com/frycos
CVE-2024-20693: Windows cached code signature manipulationhttps://sector7.computest.nl/post/2024-06-cve-2024-20693-windows-cached-code-signature-manipulation/
*https://github.com/bribes/awesome-msrc-writeups
Sector7https://x.com/sector7_nl
These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action Required)https://www.tenable.com/blog/these-services-shall-not-pass-abusing-service-tags-to-bypass-azure-firewall-rules-customer
*https://github.com/bribes/awesome-msrc-writeups
Liv Matanhttps://x.com/terminatorLM
Multiple vulnerabilities in Eclipse ThreadXhttps://security.humanativaspa.it/multiple-vulnerabilities-in-eclipse-threadx/
*https://github.com/bribes/awesome-msrc-writeups
Marco Ivaldihttps://x.com/0xdea
My Hunt: Discovering Microsoft Bugshttps://c0d3x27.medium.com/my-hunt-discovering-microsoft-bugs-f6a9c790bec0
*https://github.com/bribes/awesome-msrc-writeups
c0d3x27https://x.com/c0d3x27
Lethal Injection: How We Hacked Microsoft's Healthcare Chat Bothttps://www.breachproof.net/blog/lethal-injection-how-we-hacked-microsoft-ai-chat-bot
*https://github.com/bribes/awesome-msrc-writeups
Yanir Tsarimihttps://x.com/Yanir_
JSON CSRF in Microsoft Bing Maps Collectionshttps://infosecwriteups.com/json-csrf-in-microsoft-bing-maps-collections-74afc2b197d5
*https://github.com/bribes/awesome-msrc-writeups
Jayateertha Guruprasadhttps://x.com/jayateerthag
Azure Devops Zero-Click CI/CD Vulnerabilityhttps://www.legitsecurity.com/blog/azure-devops-zero-click-ci/cd-vulnerability
*https://github.com/bribes/awesome-msrc-writeups
Nadav Noyhttps://x.com/nadavnoy
Unrestricted File Upload Lead to Stored XSS at Microsoft main domainhttps://medium.com/@cavdarbashas/unrestricted-file-upload-lead-to-stored-xss-at-microsoft-main-domain-baa9cadac6bd
*https://github.com/bribes/awesome-msrc-writeups
Sokol Çavdarbashahttps://x.com/sokolicav
https://github.com/bribes/awesome-msrc-writeups#2023
2023 Microsoft Office XSShttps://blog.pksecurity.io/2023/10/04/microsoft-office.html
*https://github.com/bribes/awesome-msrc-writeups
adm1nkyj1https://x.com/adm1nkyj1
Knocking on the Front Door (client side desync attack on Azure CDN)https://blog.jeti.pw/posts/knocking-on-the-front-door/
*https://github.com/bribes/awesome-msrc-writeups
Jetihttps://x.com/0xJeti
How I Hacked Microsoft Teams and got $150,000 in Pwn2Ownhttps://speakerdeck.com/masatokinugawa/how-i-hacked-microsoft-teams-and-got-150000-dollars-in-pwn2own
*https://github.com/bribes/awesome-msrc-writeups
Masato Kinugawahttps://x.com/kinugawamasato
Story of Clickjacking on Microsoft Leads To Privilege Escalation & Account Takeover Of Adminhttps://cybersecuritywriteups.com/story-of-clickjacking-in-microsoft-leads-to-privilege-escalation-account-takeover-of-admin-a04453ed47fc
*https://github.com/bribes/awesome-msrc-writeups
Abdul Rehman Parkarhttps://x.com/abdulrehmanprkr
How I found DOM XSS via postMessage on Bing.com - Microsoft Bug Bountyhttps://namcoder.com/blog/how-i-found-dom-xss-on-bingcom-microsoft-bug-bounty-write-up/
*https://github.com/bribes/awesome-msrc-writeups
Nam Lehttps://x.com/namcoder_com
Two XSS Vulnerabilities in Azure with Embedded postMessage IFrameshttps://orca.security/resources/blog/examining-two-xss-vulnerabilities-in-azure-services/
*https://github.com/bribes/awesome-msrc-writeups
Lidor Ben Shitrithttps://orca.security/resources/author/lidor-ben-shitrit/
Send email from anyone to any(user outlook Microsoft)https://infosecwriteups.com/send-email-from-anyone-to-any-user-outlook-microsoft-69fce333066d
*https://github.com/bribes/awesome-msrc-writeups
Abbas.heybatihttps://x.com/abbas_heybati
How I Found Stored XSS + HTML Injection Vulnerability on Microsofthttps://cybersecuritywriteups.com/how-i-found-stored-xss-html-injection-vulnerability-on-microsoft-6b8682c03680
*https://github.com/bribes/awesome-msrc-writeups
Abdul Rehman Parkarhttps://x.com/abdulrehmanprkr
Uncovering 3 Azure API Management Vulnerabilities – When Good APIs Go Badhttps://www.tenable.com/blog/uncovering-3-azure-api-management-vulnerabilities-when-good-apis-go-bad
*https://github.com/bribes/awesome-msrc-writeups
Liv Matanhttps://x.com/terminatorLM
XS-Leak: Deanonymize Microsoft Skype Users by any 3rd-party websiteshttps://infosecwriteups.com/xs-leak-deanonymize-microsoft-skype-users-by-any-3rd-party-website-69849e4501a8
*https://github.com/bribes/awesome-msrc-writeups
Jayateertha Guruprasadhttps://x.com/jayateerthag
2 XSS on Microsofthttps://medium.com/@nikouei_com/2-xss-on-microsoft-37b6a7efcc84
*https://github.com/bribes/awesome-msrc-writeups
Mohammad Nikoueihttps://x.com/NikoueiMohammad
Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383)https://orca.security/resources/blog/super-fabrixss-azure-vulnerability/
*https://github.com/bribes/awesome-msrc-writeups
Lidor Ben Shitrithttps://orca.security/resources/author/lidor-ben-shitrit/
BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeoverhttps://www.wiz.io/blog/azure-active-directory-bing-misconfiguration
*https://github.com/bribes/awesome-msrc-writeups
Hillai Ben-Sassonhttps://x.com/hillai
Microsoft Azure User Active Directory Invitation Spoofing Vulnerabilityhttps://cybersecuritywriteups.com/azure-user-invitation-spoofing-vulnerability-656cd543b13f
*https://github.com/bribes/awesome-msrc-writeups
Abdul Rehman Parkarhttps://x.com/abdulrehmanprkr
Escalating Privileges with Azure Function Appshttps://www.netspi.com/blog/technical-blog/cloud-penetration-testing/azure-function-apps/
*https://github.com/bribes/awesome-msrc-writeups
Karl Fosaaenhttps://x.com/kfosaaen
BlueHat 2023: Catch Me If You Can in the Eyes of Authorization with Cameron Vincent & Sean Hincheehttps://www.youtube.com/watch?v=DlDONiCvtyE
*https://github.com/bribes/awesome-msrc-writeups
Cameron Vincenthttps://x.com/SecretlyHidden1
How I found DOM-Based XSS on Microsoft MSRC and How they fixed ithttps://infosecwriteups.com/how-i-found-dom-based-xss-on-microsoft-msrc-and-how-they-fixed-it-8b71a6020c82
*https://github.com/bribes/awesome-msrc-writeups
Supakiad S. (m3ez)https://x.com/Supakiad_Mee
Hacking the Search Bar: The Story of Discovering and Reporting an XSS Vulnerability on Bing.comhttps://medium.com/@niraj1mahajan/hacking-the-search-bar-the-story-of-discovering-and-reporting-an-xss-vulnerability-on-bing-com-cac2f241835
*https://github.com/bribes/awesome-msrc-writeups
Niraj Mahajanhttps://x.com/niraj1mahajan
Reflected XSS Leads to 3,000$ Bug Bounty Rewards from Microsoft Formshttps://infosecwriteups.com/reflected-xss-leads-to-3-000-bug-bounty-rewards-from-microsoft-forms-efe34fc6b261
*https://github.com/bribes/awesome-msrc-writeups
Supakiad S. (m3ez)https://x.com/Supakiad_Mee
How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Serviceshttps://orca.security/resources/blog/ssrf-vulnerabilities-in-four-azure-services/
*https://github.com/bribes/awesome-msrc-writeups
Lidor Ben Shitrithttps://orca.security/resources/author/lidor-ben-shitrit/
https://github.com/bribes/awesome-msrc-writeups#2022
Stored XSS vulnerability in Microsoft bookinghttps://mtechghost.medium.com/stored-xss-vulnerability-in-microsoft-booking-e593de3344e0
*https://github.com/bribes/awesome-msrc-writeups
Mrtechghosthttps://x.com/Mrtechghost
Microsoft bug reports lead to ranking on Microsoft MSRC Quarterly Leaderboard (Q3 2022)https://infosecwriteups.com/microsoft-bug-reports-lead-to-ranking-on-microsoft-msrc-quarterly-leaderboard-q3-2022-c6c9f70e2ccd
*https://github.com/bribes/awesome-msrc-writeups
Supakiad S. (m3ez)https://x.com/Supakiad_Mee
Blind SSRF in Skype (Microsoft)https://infosecwriteups.com/blind-ssrf-in-skype-microsoft-6639f4961052
*https://github.com/bribes/awesome-msrc-writeups
Jayateertha Guruprasadhttps://x.com/jayateerthag
$6000 with Microsoft Hall of Fame | Microsoft Firewall Bypass | CRLF to XSS | Microsoft Bug Bountyhttps://infosecwriteups.com/6000-with-microsoft-hall-of-fame-microsoft-firewall-bypass-crlf-to-xss-microsoft-bug-bounty-8f6615c47922
*https://github.com/bribes/awesome-msrc-writeups
Neh Patelhttps://x.com/thecyberneh
New technique 403 bypass lyncdiscover.microsoft.comhttps://infosecwriteups.com/403-bypass-lyncdiscover-microsoft-com-db2778458c33
*https://github.com/bribes/awesome-msrc-writeups
Abbas.heybatihttps://x.com/abbas_heybati
Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS!https://blog.orange.tw/posts/2022-08-lets-dance-in-the-cache-destabilizing-hash-table-on-microsoft-iis/
*https://github.com/bribes/awesome-msrc-writeups
Orange Tsaihttps://x.com/orange_8361
Reading Message from Microsoft’s Private Yammer Grouphttps://mearegtu.medium.com/reading-message-from-microsofts-private-yammer-group-6be844639bca
*https://github.com/bribes/awesome-msrc-writeups
Meareghttps://mearegtu.medium.com/
Microsoft Teams — Cross Site Scripting (XSS) Bypass CSPhttps://medium.com/@numanturle/microsoft-teams-stored-xss-bypass-csp-8b4a7f5fccbf
*https://github.com/bribes/awesome-msrc-writeups
numanturlehttps://x.com/numanturle
Microsoft Dynamics Container Sandbox RCE via Unauthenticated Docker Remote API 20,000$ Bountyhttps://hencohen10.medium.com/microsoft-dynamics-container-sandbox-rce-via-unauthenticated-docker-remote-api-20-000-bounty-7f726340a93b
*https://github.com/bribes/awesome-msrc-writeups
Chen Cohenhttps://x.com/chencococococo
Microsoft Cloud Security Research – Public Disclosure – Gaining Unlimited access to graph AuditLogs endpoint using complex filters with non-privileged user accounthttps://securecloud.blog/2022/04/21/microsoft-cloud-security-research-public-disclosure-gaining-unlimited-access-to-graph-auditlogs-endpoint-using-complex-filters-with-non-privileged-user-account/
*https://github.com/bribes/awesome-msrc-writeups
Joosua Santasalohttps://x.com/santasalojoosua
Insecure Direct Object Reference Exposes all users of Microsoft Azure Independent Software Vendorshttps://mearegtu.medium.com/insecure-direct-object-reference-exposes-all-users-of-microsoft-azure-independent-software-vendors-bed3b45e509
*https://github.com/bribes/awesome-msrc-writeups
Meareghttps://mearegtu.medium.com/
I have Found Microsoft Subdomain Website database list, database username, passwordhttps://medium.com/@botami143/i-have-found-microsoft-subdomain-website-database-list-database-username-password-1dab07d0c8ea
*https://github.com/bribes/awesome-msrc-writeups
Bot Amihttps://x.com/Botami143
Escalating from Logic App Contributor to Root Owner in Azurehttps://www.netspi.com/blog/technical-blog/cloud-penetration-testing/azure-logic-app-contributor-escalation-to-root-owner/
*https://github.com/bribes/awesome-msrc-writeups
Josh Magrihttps://www.netspi.com/authors/josh-magri/
AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Servicehttps://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/
*https://github.com/bribes/awesome-msrc-writeups
Yanir Tsarimihttps://x.com/Yanir_
First Valid BUG Finding At Microsoft And I Got the Acknowledgments Page Microsofthttps://aidilarf.medium.com/first-valid-bug-finding-at-microsoft-and-i-got-the-acknowledgments-page-microsoft-a2c185c53074
*https://github.com/bribes/awesome-msrc-writeups
Aidil Ariefhttps://aidilarf.medium.com/
I FOUND information disclosure Vulnerability at Microsoft Subdomainhttps://medium.com/@botami143/i-found-idor-vulnerability-at-microsoft-subdomain-b89b8777bf8d
*https://github.com/bribes/awesome-msrc-writeups
Bot Amihttps://x.com/Botami143
https://github.com/bribes/awesome-msrc-writeups#2021
Improper Authorization could allow access to more than 100,000 Microsoft Dynamics 365 for Partner Usershttps://mearegtu.medium.com/broken-access-control-cc6cfd793b15
*https://github.com/bribes/awesome-msrc-writeups
Meareghttps://mearegtu.medium.com/
Remote Deserialization Bug in Microsoft's RDP Client through Smart Card Extension (CVE-2021-38666)https://blog.thalium.re/posts/deserialization-bug-through-rdp-smart-card-extension/
*https://github.com/bribes/awesome-msrc-writeups
Valentino Ricottahttps://x.com/face0xff
Microsoft Azure Portal – Persistent Cross-Site Scriptinghttps://www.y-security.de/news-en/microsoft-azure-portal-persistent-cross-site-scripting/index.html
*https://github.com/bribes/awesome-msrc-writeups
Y-Securityhttps://x.com/ysecurity
Escalating Azure Privileges with the Log Analytics Contributor Rolehttps://www.netspi.com/blog/technical-blog/cloud-penetration-testing/escalating-azure-privileges-with-the-log-analystics-contributor-role/
*https://github.com/bribes/awesome-msrc-writeups
Karl Fosaaenhttps://x.com/kfosaaen
Finding Azurescape – Cross-Account Container Takeover in Azure Container Instanceshttps://unit42.paloaltonetworks.com/azure-container-instances/
*https://github.com/bribes/awesome-msrc-writeups
Yuval Avrahamihttps://x.com/yuvalavra
Critical Vulnerability in Microsoft Azure Cosmos DBhttps://chaosdb.wiz.io/
*https://github.com/bribes/awesome-msrc-writeups
Wizhttps://x.com/wiz_io
How We Are Able To Hack Any Company By Sending Message – $20,000 Bounty [CVE-2021–34506]https://blog.cyberxplore.com/how-we-are-able-to-hack-any-company-by-sending-message-20000-bounty-cve-2021-34506/
*https://github.com/bribes/awesome-msrc-writeups
Th3Pr0xyB0yhttps://x.com/th3pr0xyb0y
Active Directory forest trusts part 2 - Trust transitivity and finding a trust bypasshttps://dirkjanm.io/active-directory-forest-trusts-part-two-trust-transitivity/
*https://github.com/bribes/awesome-msrc-writeups
Dirk-jan Mollemahttps://x.com/_dirkjan
Reflected XSS on Microsofthttps://n45ht.or.id/blog/reflected-xss-on-microsoft/
*https://github.com/bribes/awesome-msrc-writeups
Choirur Rizalhttps://n45ht.or.id/blog/author/choirurrizal/
How I Might Have Hacked Any Microsoft Accounthttps://thezerohack.com/how-i-might-have-hacked-any-microsoft-account
*https://github.com/bribes/awesome-msrc-writeups
Laxman Muthiyahhttps://x.com/laxmanmuthiyah
I Own your Cloud Shell: Taking over “Azure Cloud Shell” Kubernetes Cluster Through Unsecured Kubelet API 30,000$ Bountyhttps://hencohen10.medium.com/i-own-your-cloud-shell-taking-over-azure-cloud-shell-kubernetes-cluster-through-unsecured-558621519cf9
*https://github.com/bribes/awesome-msrc-writeups
Chen Cohenhttps://x.com/chencococococo
$10,000 for automatic email confirmation bug in Microsoft’s Edge browserhttps://0xkaran.medium.com/10-000-for-automatic-email-confirmation-bug-in-microsofts-edge-browser-22f15ceccb4a
*https://github.com/bribes/awesome-msrc-writeups
Karan Chaudharyhttps://x.com/0xkaran
Unauthorized Access to OData Entities + $2K Bounty From Microsofthttps://infosecwriteups.com/unauthorized-access-to-odata-entities-2k-bounty-from-microsoft-e070b2ef88c2
*https://github.com/bribes/awesome-msrc-writeups
Borna Nematzadehhttps://x.com/LogicalHunter
https://github.com/bribes/awesome-msrc-writeups#2020
Microsoft Bug Bounty Writeup – Stored XSS Vulnerabilityhttps://www.pethuraj.com/blog/microsoft-bug-bounty-writeup-stored-xss-vulnerability/
*https://github.com/bribes/awesome-msrc-writeups
Pethurajhttps://x.com/Pethuraj
Taking Over Files in a chat —IDOR in Microsoft Teamshttps://medium.com/@alyanwar/taking-over-files-in-a-chat-idor-in-microsoft-teams-e5289c2efd0
*https://github.com/bribes/awesome-msrc-writeups
Aly Anwarhttps://x.com/alyanwarr
How I got hall of fame in Microsofthttps://medium.com/@noneofyou/how-i-got-hall-of-fame-in-microsoft-9b507dec3860
*https://github.com/bribes/awesome-msrc-writeups
Akash basnethttps://medium.com/@noneofyou
Taking over Azure DevOps Accounts with 1 Clickhttps://www.assetnote.io/resources/research/taking-over-azure-devops-accounts-with-1-click
*https://github.com/bribes/awesome-msrc-writeups
Sean Yeohhttps://x.com/seanyeoh
iOS Outlook Stored XSS Write-Up($3000)https://medium.com/kminthein/ios-outlook-stored-xss-write-up-ce34d7da192b
*https://github.com/bribes/awesome-msrc-writeups
kmintheinhttps://medium.com/@kminthein
Reflected XSS on microsoft.com subdomainshttps://infosecwriteups.com/reflected-xss-on-microsoft-com-subdomains-4bdfc2c716df
*https://github.com/bribes/awesome-msrc-writeups
Raimonds Liepinshttps://raimonds-29140.medium.com
My Weirdest Bug Bounty — Getting PII from O365.https://omaidfaizyar.medium.com/my-weirdest-bug-bounty-getting-pii-from-o365-b4477f4739e
*https://github.com/bribes/awesome-msrc-writeups
Omaid Faizyarhttps://omaidfaizyar.medium.com/
Reflected XSS on Microsoft.com via Angular Js template injectionhttps://infosecwriteups.com/reflected-xss-on-microsoft-com-via-angular-template-injection-2e26d80a7fd8
*https://github.com/bribes/awesome-msrc-writeups
Pratik Dabhihttps://x.com/impratikdabhi
Cross Site Request Forgery vulnerability Leads to User Profile Change in Microsoft Express Logichttps://ad3sh.medium.com/cross-site-request-forgery-vulnerability-leads-to-user-profile-change-in-microsoft-express-logic-dc3481ab47ba
*https://github.com/bribes/awesome-msrc-writeups
Adesh Koltehttps://x.com/AdeshKolte
Saying Goodbye to my Favorite 5 Minutehttps://www.allysonomalley.com/2020/01/06/saying-goodbye-to-my-favorite-5-minute-p1/
*https://github.com/bribes/awesome-msrc-writeups
Allyson O'Malleyhttps://x.com/ally_o_malley
https://github.com/bribes/awesome-msrc-writeups#2019
Discovering an Undisclosed Stack Overflow Vulnerability in Microsoft SQL Server (CVE-2019-1068)https://cems.fun/2021/02/06/cve-2019-1068.html
*https://github.com/bribes/awesome-msrc-writeups
cemhttps://x.com/cemonatk
Chaining Three Bugs to Get RCE in Microsoft AttackSurfaceAnalyzerhttps://parsiya.net/blog/2019-06-18-chaining-three-bugs-to-get-rce-in-microsoft-attacksurfaceanalyzer/
*https://github.com/bribes/awesome-msrc-writeups
Parsia Hakimianhttps://x.com/CryptoGangsta
Stored XSS on Techprofile Microsofthttps://medium.com/@kang_ali/stored-xss-on-techprofile-microsoft-d21757588cc1
*https://github.com/bribes/awesome-msrc-writeups
Mohammad Ali Syariefhttps://medium.com/@kang_ali
From http:// domain to res:// domain xss by using IE Adobe’s PDF ActiveX pluginhttps://80vul.medium.com/from-http-domain-to-res-domain-xss-by-using-ie-adobes-pdf-activex-plugin-9f2a72a87aff
*https://github.com/bribes/awesome-msrc-writeups
heigehttps://x.com/80vul
$1,000 USD, XSS STORED IN OUTLOOK.COM (IOS BROWSERS)https://omespino.com/write-up-1000-usd-in-5-minutes-xss-stored-in-outlook-com-ios-browsers/
*https://github.com/bribes/awesome-msrc-writeups
Omar Espinohttps://x.com/omespino
Remote Code Execution via Path Traversal in the Device Metadata Authoring Wizardhttps://posts.specterops.io/remote-code-execution-via-path-traversal-in-the-device-metadata-authoring-wizard-a0d5839fc54f
*https://github.com/bribes/awesome-msrc-writeups
Lee Chagolla-Christensenhttps://x.com/tifkin_
https://github.com/bribes/awesome-msrc-writeups#2018
Microsoft CSRF Vulnerabilityhttps://ad3sh.medium.com/how-i-got-500-from-microsoft-for-csrf-vulnerability-700accaf48b9
*https://github.com/bribes/awesome-msrc-writeups
Adesh Koltehttps://x.com/AdeshKolte
How I was able to delete 13k+ Microsoft Translator projectshttps://haiderm.com/how-i-was-able-to-delete-13k-microsoft-translator-projects/
*https://github.com/bribes/awesome-msrc-writeups
Haider Mahmoodhttps://haiderm.com/whoami/
XSS in Microsoft subdomainhttps://sudhanshur705.medium.com/xss-in-microsoft-subdomain-81c4e46d6631
*https://github.com/bribes/awesome-msrc-writeups
Sudhanshu Rajbharhttps://twitter.com/sudhanshur705
Xss in Microsofthttps://medium.com/@hacker_eth/xss-in-microsoft-7a70416aee75
*https://github.com/bribes/awesome-msrc-writeups
hacker_ethhttps://medium.com/@hacker_eth
Bypass CSP by Abusing XSS Filter in Edgehttps://infosecwriteups.com/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754
*https://github.com/bribes/awesome-msrc-writeups
Xiaoyin Liuhttps://x.com/general_nfs
https://github.com/bribes/awesome-msrc-writeups#2017
Microsoft SharePoint’s Follow Feature XSS (CVE-2017–8514) -Adesh Koltehttps://ad3sh.medium.com/microsoft-sharepoints-follow-feature-xss-cve-2017-8514-adesh-kolte-d78d701cd064
*https://github.com/bribes/awesome-msrc-writeups
Adesh Koltehttps://x.com/AdeshKolte
Get your Microsoft account hijacked by simply clicking connect button -Adesh Koltehttps://ad3sh.medium.com/get-your-microsoft-account-hijacked-by-simply-clicking-connect-button-adesh-kolte-cc0b335b0221
*https://github.com/bribes/awesome-msrc-writeups
Adesh Koltehttps://x.com/AdeshKolte
Non-persistent XSS at Microsoft -Adesh Koltehttps://ad3sh.medium.com/non-persistent-xss-at-microsoft-adesh-kolte-ad36b1b4a325
*https://github.com/bribes/awesome-msrc-writeups
Adesh Koltehttps://x.com/AdeshKolte
Uncovering a Bug I Found in Outlook: How Could an Account Has Been Compromised?https://cems.fun/2022/12/26/CVE-2017-8758.html
*https://github.com/bribes/awesome-msrc-writeups
cemhttps://x.com/cemonatk
DOM Based XSS In Microsofthttps://www.rafaybaloch.com/2017/06/dom-based-xss-in-microsoft.html
*https://github.com/bribes/awesome-msrc-writeups
Rafay Balochhttps://x.com/rafaybaloch
https://github.com/bribes/awesome-msrc-writeups#2016
Remote Code Execution (RCE) on Microsoft's 'signout.live.com'https://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html
*https://github.com/bribes/awesome-msrc-writeups
Peter Adkinshttps://x.com/darkarnium
Two vulnerabilities makes an Exploit!! (XSS and CSRF in Bing)https://infosecwriteups.com/two-vulnerabilities-makes-an-exploit-xss-and-csrf-in-bing-cd4269da7b69
*https://github.com/bribes/awesome-msrc-writeups
Sai Krishna Kothapallihttps://x.com/kmskrishna
Microsoft Yammer Clickjacking - Exploiting HTML5 Security Featureshttps://seekurity.com/blog/2016/05/18/admin/general/microsoft-yammer-clickjacking-exploiting-html5-security-features
*https://github.com/bribes/awesome-msrc-writeups
Mohamed A. Basethttps://seekurity.com/blog/author/admin
Obtaining Login Tokens for an Outlook, Office or Azure Accounthttps://whitton.io/articles/obtaining-tokens-outlook-office-azure-account/
*https://github.com/bribes/awesome-msrc-writeups
Jackhttps://x.com/fin1te
Broken Access Control in bingmapsportalhttps://infosecwriteups.com/broken-access-control-in-bingmapsportal-a012bffd2c43
*https://github.com/bribes/awesome-msrc-writeups
Sai Krishna Kothapallihttps://x.com/kmskrishna
https://github.com/bribes/awesome-msrc-writeups#2015
Leaking API keys in Bing Maps Portalhttps://infosecwriteups.com/how-i-got-listed-in-microsoft-hall-of-fame-8f96ca4535c2
*https://github.com/bribes/awesome-msrc-writeups
Sai Krishna Kothapallihttps://x.com/kmskrishna
microsoft https://github.com/topics/microsoft
cybersecurity https://github.com/topics/cybersecurity
bug-bounty https://github.com/topics/bug-bounty
writeups https://github.com/topics/writeups
bugbounty https://github.com/topics/bugbounty
writeup https://github.com/topics/writeup
msrc https://github.com/topics/msrc
Readme https://github.com/bribes/awesome-msrc-writeups#readme-ov-file
Please reload this pagehttps://github.com/bribes/awesome-msrc-writeups
Activityhttps://github.com/bribes/awesome-msrc-writeups/activity
3 forkshttps://github.com/bribes/awesome-msrc-writeups/forks
Report repository https://github.com/contact/report-content?content_url=https%3A%2F%2Fgithub.com%2Fbribes%2Fawesome-msrc-writeups&report=bribes+%28user%29
Contributorshttps://github.com/bribes/awesome-msrc-writeups/graphs/contributors
Please reload this pagehttps://github.com/bribes/awesome-msrc-writeups
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width


URLs of crawlers that visited me.