all InfoSec news
JSON CSRF in Microsoft Bing Maps Collections
Bing Maps allows users to create a collection and add places to those collections as shown below.
The request & response to create a collection is as follows —Request & Response for Creation of Bing Maps Collection
You can notice that, there are no CSRF tokens present in the request, also notice that the Method & the Content-Type are POST & text/plain respectively. As this is a simple HTTP request, we are saved from preflight request & CORS checks. …