Microsoft Fixes DOM-Based XSS Flaw in Learning Site After Being Notified by Expert

The vulnerability was discovered by independent security researcher Rafay Baloch

By Eduard Kovacs on November 9th, 2012 20:11 GMT

Microsoft has fixed a DOM-based cross-site scripting (XSS) vulnerability in the “Learning” section of microsoft.com after being notified by independent security researcher Rafay Baloch. The expert has provided us with a screenshot to demonstrate the existence of the security hole.

“The vulnerability I found is a DOM based XSS vulnerability. It is a third type of XSS also known as ‘type-0 XSS.’ Unlike the other two types of XSS (Persistent and Non-Persistent), this type of XSS occurs because of modifying the DOM (Document Object Model) in the victim's browser,” Baloch told Softpedia in an email.

He revealed that DOM-based flaws could be used for the same purposes as the other types of XSS vulnerabilities, including phishing, session hijacking, and stealing cookies. However, in this case, the attack method is different.
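To make the distinction concrete, here is an added illustration of the DOM-based pattern Baloch describes; it is not code from the article or from the Microsoft site, and the welcome widget, the URL and the element stand-in are all constructed. The point for defenders is twofold: the tainted value flows from a client-side source (the URL fragment) into a markup-interpreting sink (innerHTML) entirely in the browser, and because the fragment is never sent in the HTTP request, server-side filters and access logs never see it.

```javascript
// Constructed sample URL (hypothetical page). The fragment after '#' is kept
// client-side by the browser and does not appear in the request to the server.
const SAMPLE_URL = 'https://example.test/learn/welcome#name=%3Cb%3EGuest%3C%2Fb%3E';

// What the server actually receives for this navigation: path and query only.
function requestTargetSeenByServer(url) {
  const u = new URL(url);
  return u.pathname + u.search;
}

// Client-side source: read "name" out of the fragment, as a welcome widget might.
function nameFromFragment(url) {
  const hash = new URL(url).hash;          // e.g. "#name=%3Cb%3EGuest%3C%2Fb%3E"
  const match = /[#&]name=([^&]*)/.exec(hash);
  return match ? decodeURIComponent(match[1]) : '';
}

// Vulnerable form: the value is assigned to innerHTML, so the browser parses
// whatever markup it contains. This is the DOM-based XSS sink.
function renderGreetingUnsafe(el, url) {
  el.innerHTML = 'Welcome, ' + nameFromFragment(url);
  return el;
}

// Hardened form: textContent treats the value strictly as text. The same
// input is displayed literally and never interpreted as markup.
function renderGreetingSafe(el, url) {
  el.textContent = 'Welcome, ' + nameFromFragment(url);
  return el;
}

// Minimal stand-in for an HTMLElement so the functions run outside a browser;
// it simply records what was written to each sink.
function fakeElement() {
  return { innerHTML: '', textContent: '' };
}

// Review helper: did tag syntax reach the markup-interpreting sink?
function markupReachedInnerHtml(el) {
  return /<[a-z][^>]*>/i.test(el.innerHTML);
}
```

When auditing for this class of bug, look for the same shape in page scripts: a read from location.hash, location.search or document.referrer that ends in innerHTML, document.write or eval, and replace the sink rather than trying to filter the source.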

“I am not a fan of tools. I found it by injecting my payload manually. I feel that I can find bugs faster by going manually rather than using fancy tools, though there are tools like Dominator and Ra.2 making it easy for you to find DOM-XSS. I use them for verification,” he said regarding the methods he utilized to find the flaw.

He discovered the security hole on November 1 and reported it to Microsoft. By November 8, the Redmond company managed to review and address the issue with an online services update.

This isn’t the first time that the researcher has found security holes in Microsoft services. He is listed on Microsoft’s Online Researcher Acknowledgement page for October, and because he found this DOM XSS, his name will appear in the November section as well.

In October, the expert’s work was acknowledged by security firm ESET, after he helped them in addressing a persistent XSS issue and an SQL Injection vulnerability on their Taiwan website.
Screenshot: DOM-based XSS on microsoft.com