Whitehack Information Security consultant Griffin Francis has recently been acknowledged by Microsoft for finding a critical SQL Injection vulnerability within one of their corporate level domains. The vulnerability which was reported could have enabled an attacker to be able to obtain the database for one of Microsoft’s live services.
Griffin a proud member at Whitehack is a long standing member of the bug bounty community which enables researchers such as himself to find vulnerabilities which can be found on services as to which millions of people use on a daily basis. Within the past Griffin has been acknowledged by Apple, Mozilla, Oracle, Google, United Airlines, Yahoo, Riot Games, AT&T and multiple other sites for reporting high profile issues.
Issue Reported – 12/2/2016
Issue Confirmed and Triaged – 14/2/2016
Issue Patched – 22/2/2016