This is a low hanging bug ,I discovered in Google ,This blog is going to be to short and to the point. I followed the usual Recon process after enumerating subdomains , I selected https://datastudio.google.com.I tried to check for popular vulnerabilities XSS,CSRF,SSRF and What not!!! But couldn’t find anything .Then I tried to see the features in the website.There was an option to EMBED any site in a report ....
PART 1: To keep it simple ,I want to make this blog to the point ,instead of writing a script for MahaBharath !!! How It all started? I was thinking of services provided by microsoft, Skype came to my mind. I tested out skype but couldn’t find anything ,Then after some usual recon ,I found a subdomain manager.skype.com.If your visiting the website as first time the following pop up will appear asking for name of group....
PART 2: So If you have read the part 1, You would have seen that I found a stored-self Xss in manager.skype.com which was getting escalated in the option(“make the USER as admin of group_name”) as group_name was not properly sanitized there. Here’s what I did to affect other users,You just need to create a invite link and make a user join your group. Once ,the user joins your group ,You just need to make him as admin using the option I mentioned earlier....