Stored (Blind) XSS in Microsoft Outlook

I want to share my finding in the Microsoft Outlook iOS application that could affect version 2.62.0 and below. I’m not a bounty hunter and I really don’t want to become one. When I have free time, I choose random websites or apps. Two months ago, I uploaded a file via Microsoft Outlook using the web-based application, with the extension name…

'"><img src=x onerror="alert(window.clientInformation.appVersion);">.jpg

Nothing happened on their core website, and I thought, “Wait, what if the iOS app is vulnerable to XSS?” Then I opened this message in the iOS app, and the result is

Image

I said to myself, “OMG!!” The problem is that they missed standardizing on the iOS side. Yes, they do it properly on outlook.live.com. So this vulnerability becomes a stored (blind) XSS.
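The gap described above, a file name stored exactly as uploaded and handled by one client but not by another, shown as an added example (not code from the original post or from Microsoft): a renderer that concatenates the stored name into HTML, next to one that encodes it at output time. The function names and the attachment markup are hypothetical.

```javascript
// Added illustration. renderAttachmentUnsafe, renderAttachmentSafe, escapeHtml
// and countElements are hypothetical names, not taken from any Outlook client.

// File name from the write-up, stored server-side exactly as uploaded.
const FILENAME = `'"><img src=x onerror="alert(window.clientInformation.appVersion);">.jpg`;

// Before: the name is concatenated into markup. The leading '"> closes the
// title attribute and the <a> tag, so the rest is parsed as a new element.
function renderAttachmentUnsafe(name) {
  return `<a class="attachment" title="${name}">${name}</a>`;
}

// Encode the characters that are significant in HTML text and in quoted
// attribute values.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// After: every client that builds HTML from the stored name encodes it at
// output time, instead of relying on another client's or the server's handling.
function renderAttachmentSafe(name) {
  const safe = escapeHtml(name);
  return `<a class="attachment" title="${safe}">${safe}</a>`;
}

// Crude check for the demo: counts element start tags ('<' followed by a letter).
function countElements(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

console.log('unsafe elements:', countElements(renderAttachmentUnsafe(FILENAME)));
console.log('safe elements:  ', countElements(renderAttachmentSafe(FILENAME)));
console.log(renderAttachmentSafe(FILENAME));
```

The same encoding step has to exist in each renderer (web, iOS, any other client), because the stored value is identical for all of them.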

I reported it to Microsoft MSRC and they placed my name in their security researcher list. Lol, I don’t think of myself as a security researcher.

https://technet.microsoft.com/en-us/security/cc308589.aspx

Screen Shot 2018-02-18 at 11.26.52 PM

 

Thanks to everyone who read this writeup.
