Video yükleniyor...
Video Yüklenemedi
Integrity flow vulnerability in "microsoft teams" poll 3000$ bounty Sometimes, overlooked isuue can create significant vulnerability. In the "displayname" field, we send the name of the person we want the message to be send. #bugbounty
11,998 görüntüleme • 3 yıl önce •via X (Twitter)
10 Yorum

#AmaN 🔥3 yıl önce
Have you created poll with another user id ?

Moslem Haghighian3 yıl önce
Yes that's right

#AmaN 🔥3 yıl önce
Because I didn’t understand properly

Damanpreet Singh🇮🇳🐐3 yıl önce
@v3d_bug 66897 🌜, congratulations 🎉

🦇 ©3 yıl önce
So you created a poll on behalf of user

Verneet3 yıl önce
is it fixed?

Moslem Haghighian3 yıl önce
Yes, according to the rules, you have to wait until the bug is fixed, that's why I published this vulnerability after a few months of delay.

CoinbasePro3 yıl önce
impact?

CoinbasePro3 yıl önce
bro you just intersept and change the name so where is impact...?

Moslem Haghighian3 yıl önce
In this vulnerability, it was possible to change the name to your ID and send messages or polls in the group instead of you. So identity spoofing happens because I poll with another person's ID.


