Tuesday, October 17, 2017

Two Xbox Live Vulnerabilities discovered by @SuperSl1nk

Two Xbox Live vulnerabilities were discovered by @SuperSl1nk, who released proof via Twitter early yesterday morning. Sl1nk released pictures of two DOM XSS vulnerabilities, along with some other information about Microsoft’s servers.


Some more picture proof

You can view Sl1nk’s tweet below.

https://twitter.com/SuperSl1nk/status/284471646134341632

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing.
