Discovering Critical Security Vulnerabilities: My Journey into Microsoft’s Power Apps Portal
I found myself exploring the Microsoft Power Apps portal, specifically targeting the subdomain: https://powerusers.microsoft.com. Driven by curiosity and a passion for cybersecurity, I embarked on a journey that would soon reveal significant security vulnerabilities.
The Exploration
Navigating to the Power Users Forum
I began my adventure by navigating to the Power Users forum. Here’s a detailed account of my discovery process:
- Login:
- Navigate to
https://powerusers.microsoft.com - Login with your email address.
2. Accessing the File Upload Section:
- Go to
https://powerusers.microsoft.com/t5/forums/postpage/choose-node/true/board-id/PowerAppsForum1 - Click on “Drag and drop here or browse files to attach.”
3. Uploading the Payload:
I prepared a file with the following payload in its name:
“><img src=x onerror=prompt(document.domain);>.pdf
- Uploaded the file…
The Discovery
Stored XSS and HTML Injection
Upon uploading the file, I discovered that the file upload functionality was vulnerable to stored Cross-Site Scripting (XSS) and HTML Injection.
Vulnerability Details:
# Stored XSS:
- Location: File upload field on
powerusers.microsoft.com. - Description: This vulnerability allows an attacker to execute arbitrary JavaScript code via the file upload functionality. When a user uploads a file whose file name includes XSS payload code, the script is executed when the file content is read by the page.
- Impact: This vulnerability can be exploited to perform actions on behalf of users, steal session tokens, or redirect users to malicious websites and social engineering attacks.
# HTML Injection:
- Location: Same as above.
- Description: This vulnerability allows an attacker to inject arbitrary HTML code into the page via the file content. This HTML is rendered when the file is viewed, allowing for modification of the page content.
- Impact: This could be used to alter the appearance of the website, phish for user credentials, or insert malicious content.
Potential Exploitation Scenarios
- Session Hijacking: Attackers could exploit the vulnerabilities to steal users’ session cookies, gaining unauthorized access to their accounts.
- Phishing Attacks: Malicious actors could replace legitimate content with phishing pages, tricking users into divulging sensitive information or downloading malicious files.
- Content Manipulation: Attackers could modify entire web pages to distribute malware or propagate their malicious agenda, posing significant risks to user trust and security.
Impact:
- Stored XSS
- HTML Injection
- Phishing Pages
- Downloading Malicious Files
- Stealing Cookies
Note: All file extensions are vulnerable, not just .pdf.
By addressing these issues promptly, Microsoft can enhance the security of its applications, protect its users, and maintain trust in its brand. For further clarity, I have attached images and videos illustrating the exploitation of these vulnerabilities. If you have any questions or require additional information, feel free to contact me on my Linkedin profile:
Proof of Concept:
