Microsoft Teams’ Unpatched URL Spoofing Vulnerability

  1. Log in to Microsoft Teams and select any user to send a message. Insert any link in the message text area and close the preview (here we use https://www.microsoft.com/).
  2. Click Send and intercept the request in Burp Suite. In Burp Suite you can see the message payload in cleartext. Here you can see that Microsoft uses an anchor tag to create the URL in chat, which anyone can easily edit.

Cybersecurity enthusiast | Red Team | Love Recon | Learner

Priyank Raval
