💥 EXCLUSIVE: Wiz Research uncovers #BingBang — a Bing.com vulnerability 💥

This vulnerability in Bing could enable our research team to manipulate Bing search results and launch XSS attacks on Bing users, potentially accessing their Office 365 data, including Outlook emails, Teams messages, OneDrive files, and more 🕵️

Our researchers discovered an accidentally exposed admin interface related to Bing.com with a misconfiguration in AAD allowing any user to log in without authentication.

👉 All issues were responsibly disclosed to Microsoft upon discovery. Microsoft rapidly fixed the bing.com application vulnerability and modified some AAD functionality to reduce customer exposure.

📖 To learn more, read our comprehensive blog post about it:
https://www.wiz.io/blog/bingbang

BingBang: How a simple developer mistake could have led to Bing.com takeover | Wiz Blog

How a misconfiguration in a Microsoft Bing.com application allowed Wiz Research to modify Bing’s search results – and potentially compromise the private data of millions of Bing users
