Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

How I could have read your confidential bug reports by simple mail? - 772

Sudhakar Muthumani - Posted 4 Years Ago
  • Microsoft has a security research portal. Through it, updates are sent by email to all engineers who are involved in the project.
  • In the Microsoft system, the vulnerability report ID is VULN-####. This ID is used for the bug report. The IDs are easily guessable, as they are sequential.
  • Here is the weird part: if an attacker sent an email to the vulnerability report email address with the report ID above as the subject, they would be added to the email chain! Using this, an attacker could see updates to a bug report. This could include information such as a proof of concept and other details about the vulnerability.
  • Since they likely use BCC, the original discoverer of the bug would not have seen that the messages were also being sent to somebody else. Even though this was fixed by Microsoft, it was marked out of scope (no bounty). Overall, a good find, though!
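
An added example, not from the original write-up and not Microsoft's code: a minimal model of an inbound-mail handler for a tracker like the one described, with the subject-only enrolment beside a version that authorizes the sender. The tracker data, function names, and the per-participant reply token are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample data for a hypothetical tracker (not Microsoft's system).
SECRET = b"constructed-demo-key"
REPORTS = {"VULN-1001": {"reporter@example.org", "engineer@vendor.example"}}
ID_RE = re.compile(r"\bVULN-\d+\b")

def reply_token(report_id, address):
    """Hypothetical per-participant token carried in the Reply-To of outgoing updates."""
    msg = f"{report_id}|{address.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:32]

def ingest_vulnerable(reports, sender, subject):
    """Behaviour described above: a matching subject alone enrols the sender."""
    m = ID_RE.search(subject)
    if not m or m.group() not in reports:
        return "dropped"
    reports[m.group()].add(sender.lower())  # no authorization check on the sender
    return "subscribed"

def ingest_hardened(reports, sender, subject, token=""):
    """Accept mail only from existing participants; inbound mail never changes membership."""
    m = ID_RE.search(subject)
    if not m or m.group() not in reports:
        return "dropped"
    rid, addr = m.group(), sender.lower()
    # The sequential ID is an identifier, not a credential: check the participant list.
    if addr not in reports[rid]:
        return "rejected"
    # From headers can be forged, so also require the unguessable token.
    expected = reply_token(rid, addr)
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return "rejected"
    return "accepted"
```

In this model, participants are added only through an authenticated channel outside the mail path, so guessing the next VULN number gains nothing.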