Greetings, fellow cybersecurity enthusiasts! My name is Kamil Rahuman. Today I'm thrilled to share my journey: driven by a desire to contribute to the ever-evolving landscape of digital security, I turned my attention to Microsoft, a global tech giant with a reputation for innovation and robust cybersecurity practices.
It all began when I delved into the realm of ethical hacking, eager to contribute to the cybersecurity community. My curiosity led me to explore various platforms, and eventually, I set my sights on Microsoft.
Getting Started: Recon
I began with the routine of going through Microsoft's acquisitions to find newly acquired domains.
Then I picked a random Microsoft-owned domain and began hunting for vulnerabilities.
First Encounter with Microsoft’s Security
In my exploration, I stumbled upon a potential vulnerability: an SQL injection, specifically a Boolean-based blind injection, on a site belonging to a company that Microsoft had acquired. Excited about my discovery, I diligently reported the issue to Microsoft's security team.
I pointed a tool called SQLMap at the site's search parameter to test it for SQL injection.
SQLMap: Automatic SQL Injection and Database takeover tool:
SQLMap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection vulnerabilities in web applications. SQL injection is a common attack vector where an attacker can manipulate a web application’s database by injecting malicious SQL code. SQLMap helps security professionals, ethical hackers, and penetration testers identify and exploit these vulnerabilities in a controlled and ethical manner.
Then I ran it against the target's search parameter; since the site is backed by a MySQL database, I was confident I would get results.
BOOOM!!!! Got a Boolean-based blind injection!!!!
Unfortunately, the MSRC security team was not able to reproduce this SQL injection vulnerability.
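To show what a Boolean-based blind injection in a search parameter actually depends on, and how it is closed, here is an added PHP example (not code from the article or from the affected site, whose stack beyond "MySQL" is unknown). The table and column names, the DSN and the credentials are assumptions; the vulnerable handler concatenates the user's term into the SQL text, the hardened one uses a prepared statement.

```php
<?php
// Added example, not from the original article: a search handler of the kind
// a Boolean-based blind injection targets, beside its hardened form.
// Table "products", column "name", DSN and credentials are assumptions.

// VULNERABLE: the untrusted "q" parameter is spliced into the SQL text, so
// whatever the client sends becomes part of the WHERE clause. The page then
// rendering "results" versus "no results" is exactly the true/false oracle
// that a Boolean-based blind injection reads from.
function search_products_vulnerable(PDO $db, string $q): array
{
    $sql = "SELECT id, name FROM products WHERE name LIKE '%" . $q . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: a prepared statement sends the SQL text and the value separately.
// The value can never alter the query's structure, so any SQL-looking input is
// simply searched for as literal text.
function search_products_safe(PDO $db, string $q): array
{
    // Escape LIKE wildcards in the user's term so "%" and "_" match literally;
    // "!" is declared as the escape character below.
    $term = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $q) . '%';
    $stmt = $db->prepare("SELECT id, name FROM products WHERE name LIKE :term ESCAPE '!'");
    $stmt->execute([':term' => $term]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Disable emulated prepares so MySQL itself enforces the separation of query
// text and parameters (assumed connection details).
$db = new PDO('mysql:host=127.0.0.1;dbname=shop;charset=utf8mb4', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

header('Content-Type: application/json');
echo json_encode(search_products_safe($db, $_GET['q'] ?? ''));
```

With the hardened handler, the response no longer varies with the truth of an injected condition, which is also why an automated tester such as SQLMap reports nothing against it: the oracle it needs is gone.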
Why is it not able to reproduce :(
The Decision Point
Undeterred, I faced a decision point: should I aim for a bounty, a tangible reward, or settle for the satisfaction of an acknowledgment? Either outcome would bring me joy, and with that in mind, I continued my quest.
Then I started searching through subdomains of microsoft.com and chose a target that was built on WordPress.
WordPress CMS on a subdomain of a Microsoft site.
Uncovering a WordPress Subdomain
As my exploration continued, I serendipitously discovered a Microsoft subdomain developed with the widely-used WordPress CMS. Recognizing an opportunity for investigation, I decided to delve deeper into the intricacies of the platform.
Scanning with WPScan Tool
Armed with the powerful WPScan tool, I conducted a comprehensive scan of the WordPress subdomain. The scan revealed the /wp-json REST API, a gateway to potential vulnerabilities within the system.
Enumerating Users
Focused on the /wp-json endpoint, I embarked on user enumeration. By requesting /wp-json/wp/v2/users, I discovered a treasure trove of information: user IDs and usernames exposed by the site.
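As an added example of the mitigation a site owner would apply (not code from the article, from the affected subdomain or from WordPress core), the following must-use plugin removes the /wp/v2/users routes for unauthenticated requests and logs any attempt that still reaches them. It uses the real WordPress filters rest_endpoints and rest_request_before_callbacks; the plugin name and the log wording are my own. Note that WordPress deliberately still lists users who have authored published posts, so a site that does not want author login names discoverable needs a filter like this rather than a version upgrade alone.

```php
<?php
/**
 * Plugin Name: Restrict REST user enumeration (added example)
 *
 * Added example, not part of the original article or of WordPress core.
 * Save as wp-content/mu-plugins/restrict-rest-users.php. It hides the
 * /wp/v2/users routes from anonymous visitors so GET /wp-json/wp/v2/users no
 * longer returns user IDs and login names, and writes blocked attempts to the
 * PHP error log so they show up in monitoring.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit; // Only run inside WordPress.
}

/**
 * True when the route is the core user listing or a single-user lookup.
 */
function restrict_rest_users_is_user_route( string $route ): bool {
    return 0 === strpos( $route, '/wp/v2/users' );
}

/**
 * Drop the user routes from the REST index for anonymous visitors.
 * Logged-in users (the block editor, author management) keep them.
 */
add_filter( 'rest_endpoints', function ( array $endpoints ): array {
    if ( is_user_logged_in() ) {
        return $endpoints;
    }
    foreach ( array_keys( $endpoints ) as $route ) {
        if ( restrict_rest_users_is_user_route( $route ) ) {
            unset( $endpoints[ $route ] );
        }
    }
    return $endpoints;
} );

/**
 * Defence in depth: if another plugin re-registers the routes, still refuse
 * anonymous requests to them with a 401 and record the attempt.
 */
add_filter( 'rest_request_before_callbacks', function ( $response, $handler, WP_REST_Request $request ) {
    if ( is_user_logged_in() || ! restrict_rest_users_is_user_route( $request->get_route() ) ) {
        return $response;
    }
    error_log( sprintf(
        'Blocked anonymous REST user enumeration: %s %s from %s',
        $request->get_method(),
        $request->get_route(),
        $_SERVER['REMOTE_ADDR'] ?? 'unknown'
    ) );
    return new WP_Error( 'rest_forbidden', __( 'Authentication required.' ), [ 'status' => 401 ] );
}, 10, 3 );
```

After activating it, an anonymous request to /wp-json/wp/v2/users gets a 404 from the route filter (or a 401 if something else re-adds the route), while an authenticated editor's request is unaffected; the error_log line gives the operations team a simple string to alert on.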
Let's Report to the MSRC Portal
Discovery of CVE-2017-5487
The vulnerability I unearthed fell under the classification of CVE-2017-5487. This revelation marked a significant step in my journey, as I had uncovered a security flaw that could have far-reaching implications.
Reporting through the Microsoft Bug Bounty Portal
With my findings in hand, I promptly reported the vulnerability through Microsoft's bug bounty portal, detailing the specifics of CVE-2017-5487 and its potential impact.
Finally Acknowledgment from Microsoft
After patiently waiting for two months, my dedication bore fruit. In November 2023, I was elated to find my name listed in Microsoft’s acknowledgment section, a testament to the significance of my discovery and the company’s commitment to fostering a secure digital ecosystem.
Hall Of Fame: Microsoft Acknowledgements
Let’s meet again in another article
Bye!