Discovering a Critical Security Vulnerability: My Journey into Microsoft’s Lists Subdomain

#IbrahimXSS
Jun 14, 2024

The Beginning

On a quiet morning, with my curiosity piqued and a drive to uncover hidden vulnerabilities, I decided to explore Microsoft’s Lists subdomain: https://lists.microsoft.com/. Armed with my expertise and a keen eye for detail, I embarked on a journey that would soon reveal a significant security flaw.

The Exploration

Navigating to Lists

I began my adventure by logging into the Lists subdomain. Here’s how the journey unfolded:

Login:

Creating a New List:

  • Create a new list.
  • Add a new item to the list.
  • Click “Add Column.”

Adding Column Details:

  • Add a title and description.
  • Click on the blank field box of the created column below.
  • A box will pop up, asking for a link and text to display.

Injecting the Payload:

  • In the link field, enter the payload: javascript:alert(document.cookie)
  • In the display text field, enter any text and save it.

Triggering the XSS:

  • Press CTRL+C and click on the displayed text.
  • An XSS popup will trigger. Sometimes it requires pressing CTRL+C, depending on the browser.

The Discovery

Stored Cross-Site Scripting (XSS)

Stored XSS occurs when user-supplied data is stored persistently on a target application’s server without proper validation or sanitization. In this case, I discovered that user input fields on https://lists.microsoft.com/ are vulnerable to storing malicious scripts, which can then be executed within the browsers of other users accessing the same pages.

Impact:

  • Attackers could inject malicious scripts into the application, leading to the theft of sensitive user information, session hijacking, or the manipulation of page content to deceive users into performing unintended actions.
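The payload above works because the link field accepts a `javascript:` URL and it is later rendered as a clickable link. One way to close that gap is to allowlist URL schemes when the value is saved and again when it is rendered. This is an added example, not code from the original post or from Microsoft; `safeLinkHref`, `renderLinkCell` and the allowlist contents are assumptions.

```javascript
// Added example: scheme allowlist for a user-supplied hyperlink column value.
// safeLinkHref, renderLinkCell and ALLOWED_SCHEMES are hypothetical names.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

function safeLinkHref(input) {
  if (typeof input !== "string") return null;
  let url;
  try {
    // The WHATWG URL parser lowercases the scheme and strips surrounding
    // whitespace and embedded tabs/newlines, as a browser does before it
    // follows a link. Checking url.protocol therefore tests what the browser
    // will actually see, which a string-prefix test on the raw input does not.
    url = new URL(input);
  } catch {
    return null; // relative or malformed values are rejected, not guessed at
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;
  return url.href; // store and render the normalised form only
}

function escapeHtml(s) {
  // Numeric character references for the five HTML-significant characters.
  return String(s).replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
}

function renderLinkCell(link, text) {
  const href = safeLinkHref(link);
  const label = escapeHtml(text);
  // A rejected link degrades to plain text instead of a clickable element.
  if (href === null) return `<span>${label}</span>`;
  return `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${label}</a>`;
}

// Constructed sample values for the link field (not taken from a real list).
const samples = [
  "https://example.com/docs",
  "mailto:user@example.com",
  "javascript:alert(document.cookie)", // the value used in the post
  "example.com",                       // no scheme: rejected
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", renderLinkCell(s, "Click me"));
}
```

Running the same check on the server at save time keeps the value out of storage, and the render-time check covers items that were stored before the check existed.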

Conclusion

My journey to uncover this vulnerability highlights the critical importance of continuous security assessments. By leveraging my skills and expertise, I was able to identify and exploit a Stored XSS vulnerability that could have far-reaching consequences for Microsoft and its users.

Through this exploration, I was able to contribute to the security of Microsoft’s ecosystem by identifying and reporting a critical vulnerability. This discovery underscores the importance of vigilance and proactive security measures in maintaining the integrity and safety of online services.

By addressing these issues promptly, Microsoft can enhance the security of its applications, protect its users, and maintain trust in its brand. For further clarity, I have attached images and videos illustrating the exploitation of these vulnerabilities. If you have any questions or require additional information, feel free to contact me on my LinkedIn profile:

https://www.linkedin.com/in/ibrahim-husi%C4%87-101430102/

Proof of Concept:
