Xbox Live vulnerabilities were discovered by @SuperSl1nk, who released proof via Twitter early yesterday morning. Sl1nk released pictures of two DOM XSS vulnerabilities; he also released some other information about Microsoft’s servers.
Some more picture proof
You can view Sl1nk’s tweet below.
https://twitter.com/SuperSl1nk/status/284471646134341632