Bing is a 2nd world most used search engine besides Google. It is owned by the tech giant Microsoft. It’s a great place to find news and other stuff. So for a website, bing is an important source of traffic. That’s why I was working on SEO for my website at bing.com. But found an Open URL Redirection vulnerability in Bing. In those days, we made the Sprotechs Forum. I was not in the mood to find vulnerabilities. Simply I was working on SEO on bing to index my website. When you are bored your mind want something new.
For indexing website in Bing, you have to visit the Bing-Webmasters Tool. Here, you need to enter your website and followed by sitemap etc. So I followed the same process for my own my website. When I was going to submit my website, I saw something that grab my evil intentions. It was the URL:
https://www.bing.com/webmaster/home/addsite?returnurl=https://www.bing.com/webmaster/.
At first, I tried to convince myself “it’s nothing just a waste of time”. But my curious mind keeps on whispering “let’s try it!”.
I changed the parameter to
https://www.bing.com/webmaster/home/addsite?returnurl=https://sprotechs.com
After this, I did the same method which I was doing for submitting my website. When I clicked add, BOOOOM https://bing.com redirected to https://sprotechs.com. I was very happy, I think that day was lucky for me.
I reported Microsoft for this vulnerability and they triaged the report. The vulnerability has been fixed now. While writing this post, I guess some of my readers will think the report must be a professional type or something like that. But it goes with steps of finding the vulnerability and reporting to Microsoft. Maybe it proves helpful for newbies.
Steps:
