Microsoft Events Leak, Part II: Leaking Event Registration Database Again (via OData Injection + Timing Attack)
Date: 10/13/2025
Before reading this, please read Part I.
Hey! I'm Faav. This is the story of how I found a bypass to a previously patched vulnerability I reported in Microsoft Events, leaking the entire Event Registration database of full names, phone numbers, and emails.