all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeover 🤯

Add to bookmarks
March 31, 2023, 5:11 p.m. | /u/yayeggs

cybersecurity www.reddit.com

Microsoft (among others) has some gnarly vulnerabilities - where do you all go for bounty programs? Curious even more now seeing how a misconfiguration, lack of ACLs policies, simple cross site scripting execution can bank you some $$$. Disclaimer: I researched a few vendor sites, and while some disclose a method to report, others do not have any information.

aad account account takeover bank bing bingbang bounty cross site scripting cybersecurity information led manipulation microsoft misconfiguration policies report results scripting simple takeover vendor vulnerabilities

Visit resource

More from www.reddit.com / cybersecurity

Security under CTO, IT under CFO 2 hours ago | www.reddit.com
cfo corporate cto cybersecurity +12
How does a small company offering basic IT sevices address cyber security these days? 4 hours ago | www.reddit.com
address basic cyber cyber security +5
Why haven’t we seen Financial Loss at Bank Levels? 6 hours ago | www.reddit.com
access addresses bank banks +16
THM vs HTB vs HTB Academy for a computer science graduate 13 hours ago | www.reddit.com
academy beginner computer computer science +14
Nations Require Licensure of Cybersecurity Pros 13 hours ago | www.reddit.com
cybersecurity
Has anyone experienced any incident involving a malicious USB drop? 13 hours ago | www.reddit.com
cybersecurity device drive employee +9
What do you use to document your personal projects? 15 hours ago | www.reddit.com
code cyber cybersecurity document +9
In the era of hostile hardware/firmware, is endpoint cybersecurity/cryptography still possible? 17 hours ago | www.reddit.com
aes can challenge cipher +14
Should Aspiring Cybersecurity Professionals Join the Industry Right Now? Yes or No - Who's Right? 17 hours ago | www.reddit.com
advice bureau cybersecurity cybersecurity professionals +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Check Team Members / Cyber Consultants / Pen Testers

@ Resillion | Birmingham, United Kingdom
View on infosec-jobs.com

Security Officer Field Training Officer- Full Time (Harrah's LV)

@ Caesars Entertainment | Las Vegas, NV, United States
View on infosec-jobs.com

Cybersecurity Subject Matter Expert (SME)

@ SMS Data Products Group, Inc. | Fort Belvoir, VA, United States
View on infosec-jobs.com

AWS Security Engineer

@ IntelliPro Group Inc. | Palo Alto, CA
View on infosec-jobs.com

Information Security Analyst

@ Freudenberg Group | Alajuela
View on infosec-jobs.com
View more jobs