This was able to run as expected, without interference. What’s more, the researchers were able to add a harmless cross-site scripting (XSS) payload into Bing while they were logged in. As the researchers explained, “a malicious actor landing on the Bing Trivia app page could therefore have tampered with any search term and launched misinformation campaigns, as well as phished and impersonated other websites.” Stealing private files and emails Wiz However, there’s nothing funny about what this flaw implies. With a touch of humor, they then altered one of the entries, changing the top result for ‘best soundtracks’ from the Dune score to that from the 1995 movie Hackers. Fitbit Versa 3Īfter exploiting the flaw to log into the Bing Trivia app, the Wiz team found a content management system (CMS) tied to that was controlling the search engine’s live results.
0 kommentar(er)
