Post

PART 1: To keep it simple ,I want to make this blog to the point ,instead of writing a script for MahaBharath !!! How It all started? I was thinking of services provided by microsoft, Skype came to my mind. I tested out skype but couldn’t find anything ,Then after some usual recon ,I found a subdomain manager.skype.com.If your visiting the website as first time the following pop up will appear asking for name of group....

PART 2: So If you have read the part 1, You would have seen that I found a stored-self Xss in manager.skype.com which was getting escalated in the option(“make the USER as admin of group_name”) as group_name was not properly sanitized there. Here’s what I did to affect other users,You just need to create a invite link and make a user join your group. Once ,the user joins your group ,You just need to make him as admin using the option I mentioned earlier....