Via Zone-H -
Very little time has passed from the last Microsoft defacement (Microsoft Technet), when yesterday Saudi Arabia crackers successfully compromised another Microsoft website:
Microsoft.co.uk at the page http://www.microsoft.co.uk/events/net/eventdetail.aspx?eventid=8399.
At the time being, the defacement is still up and running even though not every browser will be capable to show it as too many users are trying now to load the hacker's injected CSS (Cascading Style Sheet) located on an external host (h.1asphhost.com) which now has is suffering slow response time.
The technique used by the attacker to deface Microsoft's page is probably based on a kind of SQL flaw (sql injection). In fact, after a short investigation we noticed how the V2 parameter passed to the PreRegister.aspx script, allows to execute both Cross Site Scripting attacks as well as SQL injection attacks, as you can deduct from the debug error message generated by the application.
-----------------------------------
The defacement is no longer up...and hopefully those database passwords have been rotated. The Saudi Arabia cracker later posted a video detailing the exact method of defacement.
The video shows that Zone-H was correct in their theory of attack.
No comments:
Post a Comment