Discover and read the best of Twitter Threads about #BingBang

Continuing the #BingBang thread, many have asked how we found the vulnerable Bing Trivia endpoint.

Let me share our unique Azure Active Directory cloud reconnaissance technique to find misconfigured authentication prompts🧵
We wanted to scan the internet🌎and measure how many Azure customers mistakenly misconfigured their Azure App Service and Azure Functions authentication, allowing anyone to log in
Most Azure App Service and Azure Functions are hosted under *.azurewebsites.net. So we used (the amazing 💙) @CommonCrawl and a commercial Passive DNS service to gather hundreds of thousands of azurewebsites subdomains

I hacked into a @bing CMS that allowed me to alter search results and take over millions of @Office365 accounts.
How did I do it? Well, it all started with a simple click in @Azure… 👀
This is the story of #BingBang 🧵⬇️
My research started when our Research Team at @wiz_io first noticed a strange configuration in Azure. A single checkbox is all that separates an app from becoming “multi-tenant” – which, by default, allows ALL USERS to log in.
I found a Microsoft app configured like this, and… just logged in 🤷🏻‍♂️
My user was immediately granted access to this “Bing Trivia” page. Don’t let the name fool you – it controls much more than just trivia. In fact, as I came to find out, it can control ACTUAL SEARCH RESULTS 🤯
