Search This Blog

Showing posts with label Bing Hacks. Show all posts

Microsoft Suffered A Rare Cyber-Security Lapse When One of Bing's Backend Servers Were Exposed Online


Microsoft endured a rather rare cyber-security lapse just this month when the company's IT staff incidentally left one of Bing's backend servers exposed on the web. 

Discovered by Ata Hakcil, a security researcher at WizCase, only imparted his discoveries to ZDNet the previous week. As per Hakcil's investigation, the server is said to have exposed more than 6.5 TB of log documents containing 13 billion records coming from the Bing search engine.

Hakcil said the server was exposed from September 10 to September 16, when he initially had informed the Microsoft Security Response Center (MSRC), and the server was made secure one more time with a password. 

The Wizcase researcher had the option to check and re-check his discoveries by finding search queries he performed in the Bing Android app in the server's logs.

Microsoft admitted to committing this mistake and commented last week, 

"We've fixed a misconfiguration that caused a small amount of search query data to be exposed," a Microsoft spokesperson told ZDNet in an email last week. After analysis, we've determined that the exposed data was limited and de-identified." ZDNet, which was provided access to the server while it was exposed without a password, can affirm that no personal user info was made public. 

Rather, the server exposed specialized details, like search inquiries, details regarding the client's system (device, OS, browser, etc.), geo-location details (wherever accessible), and various tokens, hashes, and coupon codes.
The leaky server was distinguished as an Elasticsearch system. Elasticsearch servers are high-grade systems where organizations collect huge amounts of information to handily search and channel through billions of records easily. 

Throughout the previous four years, Elasticsearch servers have frequently been the source of numerous coincidental information leaks. 

The reasons are known to fluctuate and can go from administrators neglecting to set a password; firewalls or VPN frameworks unexpectedly going down and uncovering an organization's normally-internal servers; or organizations duplicating production data to test systems that aren't always secured as rigorously as their essential infrastructure.


Can't Believe this: A Hacker called dr@g has Hacked Guadeloupe  Google / Microsoft/ Motorola / Orange / Facebook / Youtube / Myspace / Live / Hotmail / Bing / Visa / Opera / Gmail / Joomla / Ubuntu / Internet / Bank America and Defaced them. The Hacker is in the team called Moroccain Security Cr3w.
Looks like DNS Hijacking(but not sure).

Hacked Site List:


Juan Sacco (runlvl) exposed XSS vulnerability in Maps

Juan Sacco (runlvl),One of the Security Researcher - Insecurity Research Labs exposed the XSS vulnerability in Search Engine.

BING.COM is prone to a XSS vulnerability because the application fails
to properly perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code in the
victim's browser.

The reflected XSS vulnerability is a variant of a cross-site scripting
flaw: it occurs when the data provided by the attacker is exectued by
the browser, and then displayed on "normal" pages returned to other
users in the course of regular browsing, without proper HTML escaping. A
classic example of this is with online message boards where users are
allowed to post HTML formatted messages for other users to read

Vulnerabilit Details:
  • Name : XSS Reflected on BING.COM
  • Vulnerability Type : XSS Reflected
  • Severity : Very High
  • Researcher : Juan Sacco (runlvl) 
  • Vulnerable Link: here

The vulnerability is caused by the following code and affected by the
Generate Code map

<div id="LME_mapLinks" style="line-height: 20px">
<a id="LME_largerMap" //--&gt;&quot;&gt;'&gt; on Bing Maps (New
window)">View Larger Map</a>

Manual discovered by Insecurity Research Labs
Juan Sacco (runlvl) -