Reflected XSS on Microsoft
First I did a little search on the Microsoft domain using Google Dork below,
site:*.*.microsoft.com ext:php
After that, I got a registration page on the msftguestus.partners.extranet.microsoft.com domain,
URL:
https://msftguestus.partners.extranet.microsoft.com/guest/msft_a_guest_register.php?_browser=1
Then, I used Arjun to find the parameters on the page
I put the XSS Payloads one by one in the parameters Arjun displayed until the XSS fire up
Payloads:
"><svg/onload=alert(1)>
#HappyHacking Related Post: