Skip to content

Instantly share code, notes, and snippets.

View bribes's full-sized avatar

Faav bribes

View GitHub Profile
@bribes
bribes / microsoft-partner-leak.md
Last active September 1, 2025 08:47
Microsoft Partner Leak: Leaking Microsoft Employee PII and 700M+ Partner Records

Microsoft Partner Leak: Leaking Microsoft Employee PII and 700M+ Partner Records (Auth Bypass + Leaked API Key)

Date: 08/12/25

Hey! I'm Faav, and this is how I hacked the Microsoft Device Pricing Program (for Microsoft Partners) to leak Microsoft Employee PII using an auth bypass and 700M+ Microsoft partner records via a leaked API key.

One day, I came across the subdomain mdpp.microsoft.com and decided to look into it. (MDPP stands for Microsoft Device Pricing Program)

image
@bribes
bribes / break-into-any-microsoft-building.md
Last active August 30, 2025 21:00
Break into any Microsoft building: Leaking PII in Microsoft Guest Check-In

Break into any Microsoft building: Leaking PII in Microsoft Guest Check-In (All Buildings + Guest/Employee PII)

Date: 07/18/25

Hey! I'm Faav, a 15 y/o amateur bug bounty hunter and this is my first write-up! So this is the story of how I figured out how to leak PII in Microsoft Guest Check-In.

One day I was poking around random Microsoft subdomains when I stumbled upon guest.microsoft.com.

image
@bribes
bribes / hacking-minecraft-realms.md
Last active July 18, 2025 20:49
Hacking Minecraft Realms: Spoofing Realms Owner
@bribes
bribes / how-i-hacked-my-schools-website.md
Last active July 17, 2025 14:21
How I hacked my school's website

How I hacked my school's website

Date: 07/15/2025

Year: 2022

Hey! I’m Faav, and this is the story of how I hacked my school's website back in elementary/middle school.

While exploring my school's website I realized my school used Moodle (A learning management system) which had a To-Do List feature built in.

@bribes
bribes / test-post.md
Created July 15, 2025 16:40
Test Post

Test Post

wow!!

Test list:

  • test
  • test
POST / HTTP/2
Host: example.com
// made by Faav#6320
const open = XMLHttpRequest.prototype.open;
// to replace again only copy the below code
XMLHttpRequest.prototype.open = function () {
if (arguments[1] == 'https://discord.com/api/v9/connections/riotgames/authorize') {
arguments[1] = 'https://discord.com/api/v9/connections/ebay/authorize'
}
return open.apply(this, arguments);
}