PoC for a DevTools enabler in MS Edge for Xbox
This attack could be leveraged if an exploit is found in the backend of ntp.msn.com, so even in its current state it could be considered an XSS attack. The amount of leverage (since most browsers are heavily sandboxed) in its current state is minimal, so there shouldn't be much worry, yet. Any attacks would need social engineering to be effective.
Demo:
Basic functions such as alert, console.log, and console.clear seem to work using this method. Why this was left in is beyond me.
HTTP GET requests are not supported, so you cannot use external scripts: