Microsoft Bulletin MS2013-067 – SharePoint 2013 Online
This week microsoft published the new security bulletins of 2013 september. In February the issue has been reported to the microsoft security response centers responsible - public disclosure program. The issue was for fail publish 2 month ago without full details, references and ids. After a little patch of our internal disclosure procedure system, microsoft accepted the issue for the bulletin program acknowledgment. The vulnerability was created to confirm the exist of the possibility to inject script code to elevate the sharepoint online 2013 software user privileges. The inject comes up from the online service and gets executed persistent in the software core.
Lets review first the full update listing of the september #1 security bulletins with id and severity.
Advanced Persistent Threat Golden_hands - Digital Bank Robbery of the Year 2020
Facebook Security - 12.500$ Bug Bounty reward to Security Researcher
Bug Bounty Program Award Winners 2014 - Exclusive Interview by Microsoft & PayPal
Shopify | Buy Button | Persistent Embed POST Inject Vulnerability