Loading video...

Video Failed to Load

Go Home

Integrity flow vulnerability in "microsoft teams" poll 3000$ bounty Sometimes, overlooked isuue can create significant vulnerability. In the "displayname" field, we send the name of the person we want the message to be send. #bugbounty

l4tr0d3ctism's profile picture

Moslem Haghighian

2,552 subscribers

11,998 views • 2 years ago •via X (Twitter)

FinanceScience & TechnologyNews & Politics#bugbounty
LIVE

Anya Rossi• Live Now

Private livecam show

10 Comments

#AmaN 🔥's profile picture
#AmaN 🔥2 years ago

Have you created poll with another user id ?

Moslem Haghighian's profile picture
Moslem Haghighian2 years ago

Yes that's right

#AmaN 🔥's profile picture
#AmaN 🔥2 years ago

Because I didn’t understand properly

Damanpreet Singh🇮🇳🐐's profile picture
Damanpreet Singh🇮🇳🐐2 years ago

@v3d_bug 66897 🌜, congratulations 🎉

🦇 ©'s profile picture
🦇 ©2 years ago

So you created a poll on behalf of user

Verneet's profile picture
Verneet2 years ago

is it fixed?

Moslem Haghighian's profile picture
Moslem Haghighian2 years ago

Yes, according to the rules, you have to wait until the bug is fixed, that's why I published this vulnerability after a few months of delay.

CoinbasePro's profile picture
CoinbasePro2 years ago

impact?

CoinbasePro's profile picture
CoinbasePro2 years ago

bro you just intersept and change the name so where is impact...?

Moslem Haghighian's profile picture
Moslem Haghighian2 years ago

In this vulnerability, it was possible to change the name to your ID and send messages or polls in the group instead of you. So identity spoofing happens because I poll with another person's ID.

Related Videos

DarkForums has been hacked by NullSecurityX :) Jokes aside, we showcased the vulnerability found on Darkforums in the video. Happy hacking, everyone! 😊 Dark Web Informer #BugBounty #CyberSecurity #darkforum
0:37

DarkForums has been hacked by NullSecurityX :) Jokes aside, we showcased the vulnerability found on Darkforums in the video. Happy hacking, everyone! 😊 Dark Web Informer #BugBounty #CyberSecurity #darkforum

NullSecX

45,540 views • 10 months ago

"A Vulnerability to Hack The World" - CVE-2023-4863 The start of a mini series digging into the recent WebP vulnerability. In this first episode, we explore huffman tables!
17:59

"A Vulnerability to Hack The World" - CVE-2023-4863 The start of a mini series digging into the recent WebP vulnerability. In this first episode, we explore huffman tables!

LiveOverflow 🔴

44,787 views • 2 years ago

Ossoff: Atlanta influences everything. Everything. And this fall, the entire nation will be looking to us here in Atlanta and across the State of Georgia once again to see what kind of message we want to send about the kind of country we want to be.
1:12

Ossoff: Atlanta influences everything. Everything. And this fall, the entire nation will be looking to us here in Atlanta and across the State of Georgia once again to see what kind of message we want to send about the kind of country we want to be.

Team Ossoff

16,540 views • 15 days ago

HTTP Request Smuggling Lab Walkthrough: Confirming a CL.TE vulnerability via differential responses. How to identify CLTE Vulnerabilities: 1. Send request to repeater 2. Downgrade protocol to HTTP/1.1 3. Disable "Update Content-Length" 4. Set Content-Length to 6 5. Add "Transfer-Encoding: chunked" heading 6. Send a chunk with an invalid chunk size If the backend times out, this indicates a potential CLTE vulnerability. Confirm the vulnerability with differential responses: 7. Create and send the attack request: - Replace previous chunk with a terminating chunk. - Add a smuggled request after the chunked body. - Append X-ignore: X (without a newline) and send. 8. Send a normal request to repeater, downgrade to HTTP/1.1 and send immediately after the attack request. If the response to the normal request is 404 instead of 200, the backend was poisoned! 🤮 Well done! To learn more about HTTP Request Smuggling and take on this lab yourself, head over the the Web Security Academy now #requestsmuggling #pentesting #bugbounty #hacking #cybersecurity
1:32

HTTP Request Smuggling Lab Walkthrough: Confirming a CL.TE vulnerability via differential responses. How to identify CLTE Vulnerabilities: 1. Send request to repeater 2. Downgrade protocol to HTTP/1.1 3. Disable "Update Content-Length" 4. Set Content-Length to 6 5. Add "Transfer-Encoding: chunked" heading 6. Send a chunk with an invalid chunk size If the backend times out, this indicates a potential CLTE vulnerability. Confirm the vulnerability with differential responses: 7. Create and send the attack request: - Replace previous chunk with a terminating chunk. - Add a smuggled request after the chunked body. - Append X-ignore: X (without a newline) and send. 8. Send a normal request to repeater, downgrade to HTTP/1.1 and send immediately after the attack request. If the response to the normal request is 404 instead of 200, the backend was poisoned! 🤮 Well done! To learn more about HTTP Request Smuggling and take on this lab yourself, head over the the Web Security Academy now #requestsmuggling #pentesting #bugbounty #hacking #cybersecurity

Web Security Academy

26,242 views • 1 year ago

3,000$ Bug Bounty Reward from Microsoft Forms: Reflected XSS Vulnerability Writeup:
0:22

3,000$ Bug Bounty Reward from Microsoft Forms: Reflected XSS Vulnerability Writeup:

Dark Web Informer

23,493 views • 4 months ago

In this video walkthrough, we break down the basic info of CVE-2023-23397 the zero-day, zero-touch vulnerability that was rated 9.8 on the #CVSS scale. Follow this thread as we detail the general exploitation routine of this #vulnerability.
0:53

In this video walkthrough, we break down the basic info of CVE-2023-23397 the zero-day, zero-touch vulnerability that was rated 9.8 on the #CVSS scale. Follow this thread as we detail the general exploitation routine of this #vulnerability.

Trend Micro Research

200,099 views • 3 years ago

They are going around threatening people. I need the contact of the person threatening you on WhatsApp, so we can send him a message.
3:15

They are going around threatening people. I need the contact of the person threatening you on WhatsApp, so we can send him a message.

Simon Ekpa

50,437 views • 1 year ago

The players send a message to the fans ahead of tomorrow's game: "All in red, full energy, we need you"
0:44

The players send a message to the fans ahead of tomorrow's game: "All in red, full energy, we need you"

Bayern & Germany

67,934 views • 1 month ago

Can someone send help?? Poll in the next tweet 👇
6:37

Can someone send help?? Poll in the next tweet 👇

Brent

11,841 views • 2 years ago

Watters: When trump says we are going to run the country, what he means is, we have a blockade so we control the cash flow. We know who gets paid. If we don't want them to get paid, we can decide that. Or we can send in more commandos or more missiles
0:23

Watters: When trump says we are going to run the country, what he means is, we have a blockade so we control the cash flow. We know who gets paid. If we don't want them to get paid, we can decide that. Or we can send in more commandos or more missiles

Acyn

33,840 views • 5 months ago

Iran’s soccer team should 100% play in the World Cup here in the US. It’s an important message to send to the Iranian people and the world. We should do everything we can to make this happen:
1:06

Iran’s soccer team should 100% play in the World Cup here in the US. It’s an important message to send to the Iranian people and the world. We should do everything we can to make this happen:

Clay Travis

120,418 views • 3 months ago

As Christian communities around the world prepare to observe the Easter Holiday we send a message of friendship and solidarity as we stand together in the face of persecution.
1:15

As Christian communities around the world prepare to observe the Easter Holiday we send a message of friendship and solidarity as we stand together in the face of persecution.

World Jewish Congress

739,269 views • 3 years ago

We can send the trucks to gmmtv if you want us to @ khao
0:30

We can send the trucks to gmmtv if you want us to @ khao

jj⁷

783,937 views • 2 years ago

CVE-2025-24071: Microsoft Windows File Explorer Spoofing Vulnerability Check out the new security vulnerability I discovered in Windows, which I believe is potentially being sold in the wild. (fixed patch tuesday) Blog post: PoC:
0:46

CVE-2025-24071: Microsoft Windows File Explorer Spoofing Vulnerability Check out the new security vulnerability I discovered in Windows, which I believe is potentially being sold in the wild. (fixed patch tuesday) Blog post: PoC:

0x6rss

45,616 views • 1 year ago

Ken Buck on CNN: "I don't want someone who was involved in the activities of January 6 ... There's no way we win the majority if the message we send to the American people is we believe in the election was stolen, and we believe that January 6 was a tour of the Capitol."
0:54

Ken Buck on CNN: "I don't want someone who was involved in the activities of January 6 ... There's no way we win the majority if the message we send to the American people is we believe in the election was stolen, and we believe that January 6 was a tour of the Capitol."

Aaron Rupar

3,092,268 views • 2 years ago

INDIANA RINOS "WE GOT TO SEND THEM PACKING": 7/9 CANDIDATES WIN Noah Formica explains they had dozens of field teams to bring down the establishment RINOs, "we were really scaring the establishment RINOs. MAGA victories across IN...sent SHOCKWAVES." Jack Posobiec
1:54

INDIANA RINOS "WE GOT TO SEND THEM PACKING": 7/9 CANDIDATES WIN Noah Formica explains they had dozens of field teams to bring down the establishment RINOs, "we were really scaring the establishment RINOs. MAGA victories across IN...sent SHOCKWAVES." Jack Posobiec

Real America's Voice (RAV)

23,374 views • 1 month ago

📢 Calling on ARMYs around the world to come together and buy “D-DAY” (the song) on iTunes today.🙏 CHART D-DAY ON ITUNES❗️ We need to send Yoongi a message LOUD & CLEAR— that we stand by his side. "Future's Gonna Be Okay" is the perfect message of reassurance we can send. 😭💜
0:58

📢 Calling on ARMYs around the world to come together and buy “D-DAY” (the song) on iTunes today.🙏 CHART D-DAY ON ITUNES❗️ We need to send Yoongi a message LOUD & CLEAR— that we stand by his side. "Future's Gonna Be Okay" is the perfect message of reassurance we can send. 😭💜

AGUST D CHARTS

27,029 views • 11 months ago

On Israel’s Independence Day 🇮🇱 Here’s a message we’re “not supposed” to send: We don’t want war with the people of Lebanon. We don’t want to be your enemy. But we will defend ourselves. Watch.
0:55

On Israel’s Independence Day 🇮🇱 Here’s a message we’re “not supposed” to send: We don’t want war with the people of Lebanon. We don’t want to be your enemy. But we will defend ourselves. Watch.

Jerusalem Center for Security and Foreign Affairs

1,894,388 views • 1 month ago