Bing.com Search engine, cache.aspx XSS

Wednesday, July 29, 2009
###########################################
Bing.com Search engine, cache.aspx XSS
vendor url: http://ww.bing.com
advisory: http://lostmon.blogspot.com/2009/07/bingcom-search-engine-cacheaspx-xss.html
vendor notified: yes, vendor confirmed: yes
###########################################

The Bing search engine contains a flaw that allows a remote cross-site
scripting attack. This flaw exists because the application does not
properly validate the 'q' variable upon submission to the 'cache.aspx'
script. This could allow a user to create a specially crafted URL
that would execute arbitrary code in a user's browser within the
trust relationship between the browser and the server, leading to
a loss of integrity.
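
Added example (not part of the original advisory and not Bing's code): a minimal Python sketch of the flaw class described above, a page that reflects the 'q' parameter, shown once unencoded and once with output encoding for each context. The template, the function names and the sample value are assumptions constructed for illustration; the advisory does not say where in the page 'q' is reflected.

```python
# Added illustration: template, names and sample are constructed, not Bing code.
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote

TEMPLATE = ('<h1>Cached results for {text}</h1>'
            '<input name="q" value="{attr}">'
            '<a href="/search?q={url}">search again</a>')
EXPECTED_TAGS = ["h1", "input", "a"]  # the only elements the template emits
SAMPLE = '"><b>marker</b>'  # constructed, harmless test value


def render_unsafe(q):
    """Reflects q verbatim: markup in q becomes markup in the page."""
    return TEMPLATE.format(text=q, attr=q, url=q)


def render_safe(q):
    """Encodes q for each output context before reflecting it."""
    return TEMPLATE.format(
        text=escape(q, quote=False),     # HTML text node
        attr=escape(q, quote=True),      # quoted attribute value
        url=escape(quote(q, safe="")),   # URL component inside an attribute
    )


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def start_tags(page):
    """Start tags an HTML parser sees in the rendered page, in order."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags


def introduces_markup(page):
    """True when the page contains elements the template did not emit."""
    return start_tags(page) != EXPECTED_TAGS


if __name__ == "__main__":
    print([introduces_markup(r(SAMPLE)) for r in (render_unsafe, render_safe)])
```

The same element-count comparison can serve as a regression test for any handler that echoes a request parameter back into its response.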





#########
solution:
##########

No solution at this time,
but Microsoft is planning to patch it
in the new code release from Bing.

#############
timeline:
#############

discovered: 08 jun 2009
vendor notified: 11 jun 2009
vendor response: 11 jun 2009
vendor last response: 30 jun 2009
disclosure: 29 jul 2009


################ End #####################

Thanks to Estrella for being my light.
Thanks to Brink, who is investigating with me.
Thanks to all who support me day after day!
--
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what makes the mind move...
