Open Url Redirection Vulnerability in Bing

Bing

Bing is the second most used search engine in the world after Google. It is owned by the tech giant Microsoft. It's a great place to find news and other content, so for a website, Bing is an important source of traffic. That's why I was working on SEO for my website at bing.com, and that is where I found an Open URL Redirection vulnerability in Bing. In those days we had just made the Sprotechs Forum. I was not in the mood to find vulnerabilities; I was simply working on SEO on Bing to get my website indexed. But when you are bored, your mind wants something new.

To get a website indexed in Bing, you have to visit the Bing Webmaster Tools. There you enter your website, followed by your sitemap and so on. I followed this process for my own website. When I was about to submit it, I saw something that grabbed my evil intentions. It was the URL:

https://www.bing.com/webmaster/home/addsite?returnurl=https://www.bing.com/webmaster/

At first, I tried to convince myself "it's nothing, just a waste of time". But my curious mind kept whispering "let's try it!".

Bing Webmaster Tool

I changed the returnurl parameter to

https://www.bing.com/webmaster/home/addsite?returnurl=https://sprotechs.com

After this, I followed the same steps I had been using to submit my website. When I clicked Add, BOOOOM: https://bing.com redirected to https://sprotechs.com. I was very happy; I think that day was lucky for me.

I reported this vulnerability to Microsoft and they triaged the report. The vulnerability has now been fixed. While writing this post, I guess some of my readers will expect the report to be something very professional. But it simply walks through the steps of finding the vulnerability and reporting it to Microsoft. Maybe it proves helpful for newbies.

Steps:

Open URL Redirection attack process

1. Login: I logged in to Bing Webmaster Tools here:
2. When I signed in, I got a form titled 'Add a Site', with the URL:
3. Change the host and check the request here:

And that's it.

Open URL Redirection

Open URL Redirection is a vulnerability where an application can be made to redirect its users to a web page chosen by an attacker, possibly a malicious one. Here I redirected bing.com to my own domain. That is just the basic definition: an attacker can use such a redirect to launch phishing attacks, scam people and much more. Search OWASP for Open URL Redirection for deeper information.
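The fix on the application side is to never trust a returnurl parameter as-is. The following is an added example, written for this post and not code from Bing or Microsoft, of a validator that a web application can run on the returnurl value before redirecting. The allowlisted host (www.bing.com) and the default landing path (/webmaster/) are assumptions chosen to match the URL shown above. It accepts the original returnurl from the page and rejects the external domain that produced the redirect:

```python
from urllib.parse import urlsplit, urlunsplit

# Assumption: the only host the application should ever return users to.
ALLOWED_HOSTS = {"www.bing.com"}
# Assumption: where to send the user when the supplied returnurl is not acceptable.
DEFAULT_RETURN = "/webmaster/"

# The vulnerable pattern is simply:  redirect(request.args["returnurl"])
# The hardened version below decides what the redirect target may be.


def safe_return_url(candidate, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_RETURN):
    """Return a redirect target that stays on an allowed host, else the default.

    Absolute URLs are accepted only when their host is allowlisted and are
    rebuilt from their parsed parts so stray userinfo, ports or fragments
    cannot smuggle a different destination. Relative targets must be a plain
    path starting with a single '/'.
    """
    if not candidate:
        return default

    # Some browsers treat backslashes as slashes; normalise before parsing so
    # the check sees the same URL the browser will follow.
    candidate = candidate.replace("\\", "/")
    parts = urlsplit(candidate)

    # A scheme without an authority (e.g. "https:evil") is never a valid
    # same-site target; only http(s) schemes are considered at all.
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return default
    if parts.scheme and not parts.netloc:
        return default

    if parts.netloc:
        # Absolute or protocol-relative URL: the parsed hostname (which
        # excludes any userinfo or port) must be on the allowlist.
        host = (parts.hostname or "").lower()
        if host not in allowed_hosts:
            return default
        # Rebuild with a fixed scheme and the validated host only.
        return urlunsplit(("https", host, parts.path or "/", parts.query, ""))

    # Relative target: must be a single-slash path, never protocol-relative.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs, the first two taken from the URLs in this post.
    for value in ("https://www.bing.com/webmaster/", "https://sprotechs.com",
                  "/webmaster/home", ""):
        print(repr(value), "->", safe_return_url(value))
```

The key design choice is the allowlist: a denylist of "bad" domains cannot work, because the attacker picks the domain. Rebuilding the URL from parsed parts rather than echoing the input also means the redirect can only ever carry the validated host.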

Video POC:

I've also found an SSRF vulnerability in Bing. It has also been reported and fixed. Stay tuned: the next write-up will be about SSRF in Bing.

About the Author

Salman Arif
Salman Arif Khan is the Founder of Sprotechs InfoSec. He's a bug hunter, cybersecurity researcher, penetration tester and developer for the Sprotechs team.
