Microsoft

Hijacking User's Private Information access_token from Microsoft Office360 facebook App

Hi Guys, Today i would like to show you how a single misconfiguration issue would jeopardize the user’s privacy if maliciously exploited hence hijack user “access_token” from Microsoft Office360 facebook App. Microsoft decided that this Office365 facebook app is NOT under their Microsoft Online Services bug bounty scope although we proved that our discovered bug can result in […]

Microsoft Yammer Clickjacking - Exploiting HTML5 Security Features

    Introduction: Modern Web Applications nowadays are relaying on a lot of technologies where typical web applications vulnerabilities are hard to find (eg. Clickjacking is an ABC security bug) but bug hunters are always the best! Yammer is a freemium enterprise social networking service used for private communication within organizations. Access to a Yammer network is […]

Previous page Next page

Scroll Up