Discover and read the best of Twitter Threads about #bingbang

Most recents (2)

Continuing the #BingBang thread, many have asked how we found the vulnerable Bing Trivia endpoint.

Let me share our unique Azure Active Directory cloud reconnaissance technique to find misconfigured authentication prompts🧵
We wanted to scan the internet🌎and measure how many Azure customers mistakenly misconfigured their Azure App Service and Azure Functions authentication, allowing anyone to log in
Most Azure App Service and Azure Functions are hosted under *.azurewebsites.net. So we used (the amazing đź’™) @CommonCrawl and a commercial Passive DNS service to gather hundreds of thousands of azurewebsites subdomains
Read 7 tweets
I hacked into a @bing CMS that allowed me to alter search results and take over millions of @Office365 accounts.
How did I do it? Well, it all started with a simple click in @Azure… 👀
This is the story of #BingBang 🧵⬇️ Image
My research started when our Research Team at @wiz_io first noticed a strange configuration in Azure. A single checkbox is all that separates an app from becoming “multi-tenant” – which by default, allows ALL USERS to log in. Image
I found a Microsoft app configured like this, and… just logged in 🤷🏻‍♂️
My user was immediately granted access to this “Bing Trivia” page. Don’t let the name fool you – it controls much more than just trivia. In fact, as I came to find out, it can control ACTUAL SEARCH RESULTS 🤯 Image
Read 12 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!