2 posts

How I was able to delete 13k+ Microsoft Translator projects

Introduction Sometime back I was hunting for Vulnerabilities in Microsoft Web services, as Microsoft has large online infrastructure, finding a vulnerability which could lead to Microsoft hall of fame for security researchers wasn’t difficult. While browsing around their online services, one of their services, Microsoft hub translator caught my attention. Microsoft hub translator is and I quote:  “Microsoft Translator Hub empowers businesses and communities to build, train, and deploy customized automatic language translation systems—-”.  I signed up and started looking for vulnerabilities and found critical level vulnerability through which I was able to delete All Microsoft hub translator 13000+ projects. As the vulnerability is fixed now, I’m sharing […]

10 Methods to Bypass Cross Site Request Forgery (CSRF)

10 Methods to Bypass Cross Site Request Forgery (CSRF)

During web application security assessments, Cross Site Request Forgery is often an underrated vulnerability and often ignored, either due to the fact that it requires some sort of user interaction or lack of severity. Lack of severity part is debatable, it depends on which functionality the CSRF vulnerability exists, for example it would be severe if it exists on a password change functionality, an attack could send a crafted link to victim, victim clicks the link (Actual click is not required, one could use embedded HTML links in a page), attacker rides the victims session and password gets changed of […]