Video wird geladen...

Video konnte nicht geladen werden

Zur Startseite

Integrity flow vulnerability in "microsoft teams" poll 3000$ bounty Sometimes, overlooked isuue can create significant vulnerability. In the "displayname" field, we send the name of the person we want the message to be send. #bugbounty

11,998 Aufrufe • vor 3 Jahren •via X (Twitter)

10 Kommentare

Profilbild von #AmaN 🔥
#AmaN 🔥vor 3 Jahren

Have you created poll with another user id ?

Profilbild von Moslem Haghighian
Moslem Haghighianvor 3 Jahren

Yes that's right

Profilbild von #AmaN 🔥
#AmaN 🔥vor 3 Jahren

Because I didn’t understand properly

Profilbild von Damanpreet Singh🇮🇳🐐
Damanpreet Singh🇮🇳🐐vor 3 Jahren

@v3d_bug 66897 🌜, congratulations 🎉

Profilbild von 🦇 ©
🦇 ©vor 3 Jahren

So you created a poll on behalf of user

Profilbild von Verneet
Verneetvor 3 Jahren

is it fixed?

Profilbild von Moslem Haghighian
Moslem Haghighianvor 3 Jahren

Yes, according to the rules, you have to wait until the bug is fixed, that's why I published this vulnerability after a few months of delay.

Profilbild von CoinbasePro
CoinbaseProvor 3 Jahren

impact?

Profilbild von CoinbasePro
CoinbaseProvor 3 Jahren

bro you just intersept and change the name so where is impact...?

Profilbild von Moslem Haghighian
Moslem Haghighianvor 3 Jahren

In this vulnerability, it was possible to change the name to your ID and send messages or polls in the group instead of you. So identity spoofing happens because I poll with another person's ID.

Ähnliche Videos