0
5/10
vulnerability
A researcher discovered an SSRF/XSPA vulnerability in Microsoft's Bing Webmaster Central that could be bypassed using the nip.io DNS service to resolve to internal IP addresses (127.127.127.127) and enumerate local ports and administrative directories.
Microsoft Bing
Bing Webmaster Central
Elber Andre
nip.io
0
5/10
A researcher demonstrated how chaining XSS and CSRF vulnerabilities in Bing's beta image favorites feature could compromise user accounts. The attack exploited missing CSRF tokens and lack of X-Requested-With headers, combined with javascript: protocol injection in URL fields, allowing account takeover via a malicious site.
Bing
Microsoft
Sai Krishna Kothapalli