bribes

Microsoft Partner Leak: Leaking Microsoft Employee PII and 700M+ Partner Records _{^{(Auth Bypass + Leaked API Key)}}

Date: 08/12/25

Hey! I'm Faav, and this is how I hacked the Microsoft Device Pricing Program (for Microsoft Partners) to leak Microsoft Employee PII using an auth bypass and 700M+ Microsoft partner records via a leaked API key.

One day, I came across the subdomain mdpp.microsoft.com and decided to look into it. (MDPP stands for Microsoft Device Pricing Program)

bribes

Break into any Microsoft building: Leaking PII in Microsoft Guest Check-In _{^{(All Buildings + Guest/Employee PII)}}

Date: 07/18/25

Hey! I'm Faav, a 15 y/o amateur bug bounty hunter and this is my first write-up! So this is the story of how I figured out how to leak PII in Microsoft Guest Check-In.

One day I was poking around random Microsoft subdomains when I stumbled upon guest.microsoft.com.

bribes

Hacking Minecraft Realms: Spoofing Realms Owner _{^{(Crashing Minecraft)}}

Date: 07/16/25

Hey! I'm Faav, and this is how I hacked Minecraft Realms!

One day, I saw a tweet by CornerHard showing a new page on Minecraft.net to edit Realms.

https://x.com/CornerHardMC/status/1661112139111874562

bribes

How I hacked my school's website

Date: 07/15/2025

Year: 2022

Hey! I’m Faav, and this is the story of how I hacked my school's website back in elementary/middle school.

While exploring my school's website I realized my school used Moodle (A learning management system) which had a To-Do List feature built in.

bribes

Test Post

wow!!

Test list:

• test
• test

POST / HTTP/2
Host: example.com

bribes

// made by Faav#6320
const open = XMLHttpRequest.prototype.open;

// to replace again only copy the below code
XMLHttpRequest.prototype.open = function () {
    if (arguments[1] == 'https://discord.com/api/v9/connections/riotgames/authorize') {
        arguments[1] = 'https://discord.com/api/v9/connections/ebay/authorize'
    }
    return open.apply(this, arguments);
}