Jump to content

Bing cashback exploit discovered


Recommended Posts


A Bing cashback vulnerability has been discovered by Samir Meghani of the Bountii Team.

The flaw exists due to a software API oversight that allows users to fake transactions to Bing. Currently, Bing does not detect these faked transactions. The flaw affects both the customer and merchant. According to Samir, in his original posting, "merchants have a few options for reporting, but Bing suggests using a tracking pixel. Basically, the merchant adds a tracking pixel to their order confirmation page, which will report the the transaction details back to Bing." Samir detailed that the process was flawed but didn't pin point exactly how to generate fake transactions.

Bing Cashback is an initiative that pays people to search with Bing. Customers can also get cashback rewards, meaning you could get cashback from online purchases made when Bing is used.

In a follow up post over the weekend entitled "Surrendering to Microsoft", Samir posted a legal letter from Microsoft's legal team demanding he remove the original blog post to which he complied. Microsoft also terminated Samir's Bing cash back account. Some may argue that this is a heavy handed approach but clearly Microsoft doesn't take kindly to fraud.

Source : Neowin

Link to comment
Share on other sites

  • Replies 2
  • Views 1.1k
  • Created
  • Last Reply

when they deleted his account for cash back he should told ms to f themselves. posting information does not violate their terms. anybody could post this. im not real impress with the latest ms laywerings

Link to comment
Share on other sites

Well Microsoft IS a operative of the United States government as we all know but if you didn't know that, now you know.


Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...