Загрузка видео...

Не удалось загрузить видео

На главную

Integrity flow vulnerability in "microsoft teams" poll 3000$ bounty Sometimes, overlooked isuue can create significant vulnerability. In the "displayname" field, we send the name of the person we want the message to be send. #bugbounty

11,998 просмотров • 2 лет назад •via X (Twitter)

Комментарии: 10

Фото профиля #AmaN 🔥
#AmaN 🔥2 лет назад

Have you created poll with another user id ?

Фото профиля Moslem Haghighian
Moslem Haghighian2 лет назад

Yes that's right

Фото профиля #AmaN 🔥
#AmaN 🔥2 лет назад

Because I didn’t understand properly

Фото профиля Damanpreet Singh🇮🇳🐐
Damanpreet Singh🇮🇳🐐2 лет назад

@v3d_bug 66897 🌜, congratulations 🎉

Фото профиля 🦇 ©
🦇 ©2 лет назад

So you created a poll on behalf of user

Фото профиля Verneet
Verneet2 лет назад

is it fixed?

Фото профиля Moslem Haghighian
Moslem Haghighian2 лет назад

Yes, according to the rules, you have to wait until the bug is fixed, that's why I published this vulnerability after a few months of delay.

Фото профиля CoinbasePro
CoinbasePro2 лет назад

impact?

Фото профиля CoinbasePro
CoinbasePro2 лет назад

bro you just intersept and change the name so where is impact...?

Фото профиля Moslem Haghighian
Moslem Haghighian2 лет назад

In this vulnerability, it was possible to change the name to your ID and send messages or polls in the group instead of you. So identity spoofing happens because I poll with another person's ID.

Похожие видео