Open in app

Sign in

Write

Sign in

Microsoft Team’s Unpatched URL Spoofing Vulnerability

Priyank Raval
3 min readFeb 9, 2022

--

What is URL Spoofing?

When an attacker creates a fake URL or it looks like a legitimate URL but it leads to an attacker’s website is called URL spoofing. Most of the time URL spoofing is used to carry out phishing attacks and steal sensitive information such as emails, credentials, addresses, and bank account details. just have a look at common types of URL Spoofing.

Now let’s have a look at How I found URL spoofing vulnerability in Microsoft Team.

I was in the lecture that day and unable to concentrate on it. So, I started reading InfoSec writeups. yeah, you read that correctly that I started reading because my lectures were online and we were using Microsoft Team. So in excitement, I wanted to try what I read and end up finding this vulnerability. Now it’s showtime.

Steps to Reproduce URL Spoofing vulnerability in Microsoft Team.

  1. Log in to Microsoft Team and select any user to send a message. Now insert any link in the message Textarea and close the preview. (here we use https://www.microsoft.com/ ).
  2. Now click on send and intercept that request in burpsuite. in the burpsuite you can see the message’s payload in cleartext. here you can see that Microsoft uses an anchor tag for URL creation in chat which is easily edited by anyone.

3. Now edit payload to redirect users to the malicious website so that it looks like a legitimate website. Here I have redirected users to a malicious website (https://evil.com/) while users will see it as microsoft.com. You can refer edited image of the payload.

No

4. Now click on the forward button in burpsuite & send a message. For verifying it, go to the web application, iOS or Android applications, or Windows app.

I have reported this vulnerability on 28th September 2021 and the MSRC team responded that they have put this intentionally. Look at the below image to see the response from the MSRC team.

But, they accept the report and I got an acknowledgment from Microsoft for reporting this vulnerability.

Now, what are you waiting for GO FOR IT and try it on your own.

Cybersecurity
Bug Bounty
Penetration Testing
Information Security
Ethical Hacker

--

--

Priyank Raval
Priyank Raval

Written by Priyank Raval

12 Followers
2 Following

Cybersecurity | Cloud Computing | Master's Student @ University of Greenwich 🎓

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams