
Bing.com WebmasterAuthenticationInformationPage.aspx XSS


Post  andry Thu Sep 23, 2010 4:42 am


###########################################
Bing.com WebmasterAuthenticationInformationPage.aspx XSS
vendor url:http://ww.bing.com
bingcom-webmasterauthenticationinformat.html
vendor notify: yes vendor confirmed:yes
###########################################

The Bing search engine contains a flaw that allows a remote cross-site
scripting attack. This flaw exists because the application does not
properly validate the 'authTag' variable upon submission to the
'WebmasterAuthenticationInformationPage.aspx' script. This could
allow a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship
between the browser and the server, leading to a loss of integrity.



Then an attacker can compose a malformed link in the variable
from WebmasterAuthenticationInformationPage.aspx and look at the
resulting code; it is written in two boxes and in the file
'LiveSearchSiteAuth.xml'.

A remote user can compose a malformed link in the variable
from WebmasterXMLAuthDownloadPage.aspx; when the file
LiveSearchSiteAuth.xml is downloaded, this file contains the malicious code.

#########
solution:
##########

Vendor patch

#############
timeline:
#############

discovered: 18-jun-2009
vendor notified: 07-08-2009
vendor response: 07-08-2009
vendor patch response: 13-08-2009
disclosure: 13-08-2009


################ End #####################
andry
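
The advisory describes a request parameter ('authTag') being written unencoded into two HTML boxes and into a downloadable XML file. The Python sketch below is an added example, not part of the original post and not the vendor's patch: it shows allow-list validation plus per-context output encoding for those two sinks. The token format, the XML element names and all function names are assumptions made for illustration.

```python
import html
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape as xml_escape

# Assumption: a legitimate authTag is a 16-64 character hex token. The advisory
# does not state the real format; adapt the allow-list to the actual one.
AUTH_TAG_RE = re.compile(r"[0-9A-Fa-f]{16,64}")

# Constructed sample values (not taken from the advisory).
SAMPLE_VALID = "0123456789ABCDEF0123456789ABCDEF"
SAMPLE_HOSTILE = '"><b>x</b>&'  # harmless markup metacharacters only


def validate_auth_tag(value):
    """First layer: reject anything that is not a well-formed token."""
    if not isinstance(value, str) or not AUTH_TAG_RE.fullmatch(value):
        raise ValueError("authTag rejected by allow-list")
    return value


def render_html_box(auth_tag):
    """Second layer, HTML attribute context: encode &, <, > and both quotes."""
    encoded = html.escape(auth_tag, quote=True)
    return '<input type="text" readonly value="%s">' % encoded


def render_auth_xml(auth_tag):
    """Second layer, XML text context (hypothetical layout of the auth file)."""
    body = "<siteAuth><authTag>%s</authTag></siteAuth>" % xml_escape(auth_tag)
    return '<?xml version="1.0"?>\n' + body + "\n"


def parse_tag_back(xml_text):
    """Parse the generated file; return (tag text, number of child elements)."""
    node = ET.fromstring(xml_text).find("authTag")
    return node.text, len(list(node))


if __name__ == "__main__":
    # Encoding alone keeps the hostile value inert even if validation is skipped.
    print(render_html_box(SAMPLE_HOSTILE))
    print(parse_tag_back(render_auth_xml(SAMPLE_HOSTILE)))
    try:
        validate_auth_tag(SAMPLE_HOSTILE)
    except ValueError as exc:
        print("rejected:", exc)
```

Validation and encoding are independent layers: the allow-list stops malformed input at the request boundary, while the encoders keep any value inert in the HTML and XML output even if a code path skips validation.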