XSS Bug in Microsoft.com Payments Page – Microsoft Hall of Fame

by Ravishanker Kusuma in Security Jan 16th 2017 · 0 Comments

I recently found a XSS bug in Microsoft payments page. Initially I thought, it was only a simple URL redirection bug and reported the same. Then I realized that it is a XSS bug.
Below is the URL.

https://controls.cp.microsoft.com/PaymentInstrument/pcssuccess?auth=true&origin=XXXXXXX&piid=abcd

Unfortunately, this URL is not part of Microsoft bug bounty program. But they listed my name in the March month
Microsoft Hall of fame security researchers page.

I reported the bug on March 12th and it was fixed on April 4th 2016. Watch the below video explains more about the bug.

Sharing is Caring

Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Pocket

About Author

I am a developer and I maintain the site https://hayageek.com. The best software developers are those who can think like both a developer and a user.

Visit my Website
Twitter
Facebook

XSS Bug in Microsoft.com Payments Page – Microsoft Hall of Fame

Sharing is Caring

About Author

All posts by Ravishanker Kusuma

Most Popular

jQuery AJAX POST Example

PHP CURL POST & GET Examples – Submit Form using PHP CURL

RSA Encryption & Decryption Example with OpenSSL in C

Greasemonkey Tutorial for Beginners

jQuery AJAX Form Submit Example

How to Send Cross Domain AJAX Request with jQuery

Android HTTP POST & GET Example

Google URL Shortener API example

TOPICS