Discovering XSS Vulnerabilities: My Journey into Microsoft’s Azure Infrastructure
The Beginning
On a quiet afternoon, as I sat at my desk pondering my next challenge, an idea sparked in my mind: why not delve into Microsoft’s Azure services? With countless businesses relying on these services, ensuring their security is crucial. Fueled by curiosity and a passion for cybersecurity, I embarked on a journey to explore potential vulnerabilities.
The Exploration
Navigating to AppSource
I began my adventure by navigating to the AppSource marketplace. The URL that piqued my interest was:
https://appsource.microsoft.com/en-in/marketplace/partner-dir
I decided to test the waters by entering various inputs into the search field, hoping to uncover any hidden vulnerabilities.
The First Clue: Reflected Input
As I input different values, I noticed something intriguing. The freetext parameter in the URL reflected the input without proper sanitization. This was a promising lead, hinting at the possibility of Cross-Site Scripting (XSS).
The Discovery
Uncovering the Vulnerability
To confirm my suspicion, I crafted a payload designed to test for XSS. With anticipation, I entered it into the search field and hit enter. The result was immediate and revealing: the payload executed successfully, confirming a Reflected XSS vulnerability. The vulnerable URL looked something like this:
https://appsource.microsoft.com/en-in/marketplace/partner-dir?filter=sort=0;pageSize=18;radius=100;freetext=xxxxx;suggestion=true;locationNotRequired=true
My excitement grew as I realized the potential impact of this discovery. The freetext parameter was indeed vulnerable, and the implications could be significant.
Digging Deeper: Session Token Exposure
Encouraged by my initial success, I decided to dig deeper. I revisited the URL and observed the behavior more closely. It wasn’t long before I uncovered another critical issue: the XSS vulnerability was exposing session tokens. Specifically, I was able to extract ai_user and ai_session tokens from the domain:
https://main.prod.marketplacepartnerdirectory.azure.com/
Example tokens:
ai_user=Kkwb5YDxwj/AiAdXz/oongL|2024-04-24T17:32:11.179Z
ai_session=jfxPPRBAGVeL3f8lv6kRF/|1714339281358|1714345534792
This revelation underscored the severity of the vulnerability. By exploiting this flaw, an attacker could potentially hijack user sessions and gain unauthorized access to sensitive information.
FULL URL:
https://appsource.microsoft.com/en-in/marketplace/partner-dir?filter=sort=0;pageSize=18;radius=100;freetext=%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt(%27document.domain%27)%3B%3E;suggestion=true;locationNotRequired=true
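The reflection described above, as an added example that is not part of the original post: a parser for the ";"-delimited filter value, the unsafe concatenation that lets the `">` prefix of the payload break out of an attribute, the escaped version that neutralizes it, and a check that lists any tag the template did not emit itself. The two render functions are hypothetical, since the AppSource page's own rendering code is not shown in the write-up.

```javascript
// Added example, not code from the original post or from AppSource.
// renderUnsafe/renderSafe are hypothetical models of a page that echoes the
// search term into an attribute and a heading; the real page code is unknown.

// Parse "sort=0;pageSize=18;freetext=...;suggestion=true" into an object.
function parseFilter(filter) {
  const params = {};
  for (const part of filter.split(";")) {
    if (part === "") continue;
    const idx = part.indexOf("=");
    const key = idx === -1 ? part : part.slice(0, idx);
    const raw = idx === -1 ? "" : part.slice(idx + 1);
    params[key] = decodeURIComponent(raw); // same decoding the browser applies
  }
  return params;
}

// Escape the five characters that matter in element text and quoted attributes.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Vulnerable pattern: attacker-controlled text concatenated straight into markup.
function renderUnsafe(params) {
  const term = params.freetext ?? "";
  return `<input value="${term}"><h2>Results for ${term}</h2>`;
}

// Fixed pattern: the same template, with every reflection escaped first.
function renderSafe(params) {
  const term = escapeHtml(params.freetext ?? "");
  return `<input value="${term}"><h2>Results for ${term}</h2>`;
}

// Detection helper: tag names in the output that the template never emits itself.
function unexpectedTags(html, allowed = ["input", "h2"]) {
  const found = [...html.matchAll(/<\/?([a-z][a-z0-9]*)/gi)].map((m) => m[1].toLowerCase());
  return [...new Set(found.filter((t) => !allowed.includes(t)))];
}

// The filter value taken from the full URL in the write-up (sample input).
const FILTER =
  "sort=0;pageSize=18;radius=100;freetext=%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt(%27document.domain%27)%3B%3E;suggestion=true;locationNotRequired=true";

const parsed = parseFilter(FILTER);
console.log("unsafe:", unexpectedTags(renderUnsafe(parsed))); // [ 'img' ]
console.log("safe:  ", unexpectedTags(renderSafe(parsed)));   // []
```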
By addressing these issues promptly, Microsoft can enhance the security of its applications, protect its users, and maintain trust in its brand. For further clarity, I have attached images and videos illustrating the exploitation of these vulnerabilities. If you have any questions or require additional information, feel free to contact me on my LinkedIn profile:
#xss0r #ibrahimXSS #@ibrahimxss0r #ibrahimxss0r #xsstool