funsec mailing list archives
SQL injection attack on Microsoft's UK Web site
From: <rms () computerbytesman com>
Date: Tue, 3 Jul 2007 18:54:47 -0400
http://news.com.com/Details+on+defacement+of+Microsofts+U.K.+Web+site/2100-7349_3-6194705.html?tag=nefd.top

Details on defacement of Microsoft's U.K. Web site

Details have emerged of an attack which defaced Microsoft's U.K. Web site.

Hackers broke through the site's security, defacing it and replacing genuine content with a photo of a child waving a Saudi Arabian flag.

It is likely that the company's U.K. site, which was breached on Wednesday, was subverted using an SQL injection, in which hackers exploit application vulnerabilities to alter server settings or mine data, according to Zone-H, which has also run a picture of the defacement.

"Most probably, the attacker exploited the site by means of SQL injection to insert HTML code in a field belonging to the table which gets read every time a new page is generated," Zone-H said on its site.

Microsoft said it is investigating the breach.

"Microsoft has learned of a criminal attempt to deface a subsite of Microsoft.com," the company said in a statement. "Upon notification of the criminal activity, Microsoft took the appropriate action to resolve the issue and stop any additional criminal activity.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
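Added example, not part of the original post or the quoted article: a defender's sketch of the mechanism Zone-H describes, a table field that is read on every page build. The schema, function names and sample rows are hypothetical; it shows bound-parameter writes, encoding on output, and a scan that flags markup in fields meant to hold plain text.

```python
import html
import re
import sqlite3

# Hypothetical schema: one table of text fragments read on every page build.
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE page_fields (id INTEGER PRIMARY KEY, name TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO page_fields (name, body) VALUES (?, ?)",
        [("headline", "Partner events in the UK"),        # constructed sample rows
         ("teaser", "Register for the autumn roadshow")],
    )
    return db

def save_field(db, name, body):
    # Bound parameters: the value is never parsed as SQL, whatever it contains.
    db.execute("UPDATE page_fields SET body = ? WHERE name = ?", (body, name))

def render_page(db):
    # Encode on output, so markup that did reach the table is shown as text,
    # not interpreted by the browser.
    rows = db.execute("SELECT name, body FROM page_fields ORDER BY id")
    return "\n".join(
        f'<div class="{html.escape(n)}">{html.escape(b)}</div>' for n, b in rows
    )

def find_tampered(db):
    # Detection: these fields are plain text by design, so any tag is suspect.
    rows = db.execute("SELECT name, body FROM page_fields ORDER BY id")
    return [n for n, b in rows if MARKUP.search(b)]

if __name__ == "__main__":
    db = make_db()
    # Constructed stand-in for a defaced row (written directly, not via injection).
    save_field(db, "teaser", '<img src="https://example.invalid/flag.jpg">')
    print(find_tampered(db))
    print(render_page(db))
```

Running a scan like `find_tampered` on a schedule, or comparing field hashes against a known-good baseline, gives an alert independent of whichever input path was abused.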