Monday, November 30, 2009

Microsoft Technet Vulnerable to Cross-Site Scripting

XSS and HTML Injection bugs on http://gallery.technet.microsoft.com

Vulnerable page: http://gallery.technet.microsoft.com/ScriptCenter/en-us/site/search?f%5B0%5D.Type='Tag&f%5B0%5D.Value=XSS





For the redirect PoC, check: http://gallery.technet.microsoft.com

Website staff has been alerted.

Edit: bug fixed!

2 comments:

Anonymous said...

Very interesting! Who discovered the vulnerability?

Steve said...

Looks like it's fixed.... Have they contacted you?