正在加载视频...

视频加载失败

Integrity flow vulnerability in "microsoft teams" poll 3000$ bounty Sometimes, overlooked isuue can create significant vulnerability. In the "displayname" field, we send the name of the person we want the message to be send. #bugbounty

11,998 次观看 • 2 年前 •via X (Twitter)

10 条评论

#AmaN 🔥 的头像
#AmaN 🔥2 年前

Have you created poll with another user id ?

Moslem Haghighian 的头像
Moslem Haghighian2 年前

Yes that's right

#AmaN 🔥 的头像
#AmaN 🔥2 年前

Because I didn’t understand properly

Damanpreet Singh🇮🇳🐐 的头像
Damanpreet Singh🇮🇳🐐2 年前

@v3d_bug 66897 🌜, congratulations 🎉

🦇 © 的头像
🦇 ©2 年前

So you created a poll on behalf of user

Verneet 的头像
Verneet2 年前

is it fixed?

Moslem Haghighian 的头像
Moslem Haghighian2 年前

Yes, according to the rules, you have to wait until the bug is fixed, that's why I published this vulnerability after a few months of delay.

CoinbasePro 的头像
CoinbasePro2 年前

impact?

CoinbasePro 的头像
CoinbasePro2 年前

bro you just intersept and change the name so where is impact...?

Moslem Haghighian 的头像
Moslem Haghighian2 年前

In this vulnerability, it was possible to change the name to your ID and send messages or polls in the group instead of you. So identity spoofing happens because I poll with another person's ID.

相关视频