Microsoft UK Defaced by Saudi Hackers

Keep on Guard!

A while back Microsoft UK got hacked by some Saudi Hackers, Microsoft is always one of the top targets for renegades and ‘cyber-terrorists’ as the high profile nature of the company can give some publicity to their causes.

This was less than a month after Technet got owned.

I don’t think they are ever going to lay off MS.

Saudi hackers manged to deface a page on Microsoft’s UK web site last week, recording the techniques they used in an online video.

The software giant’s sites are periodically hit by acts of digital graffiti. In this case, however, the defacement gang unusually decided to document its attack.
Click here to find out more!

A video illustrating SQL Injection flaws affecting, used to insert extra HTML code that formed the basis of the attack, was posted online. Details of how this might be done would be useful fodder for hackers so it shouldn’t come as any particular surprise to learn that the video (posted on was pulled over the weekend.

I’d say the site is still pretty insecure and is likely to get owned again.

According to Zone-h,’s externally hosted website remains potentially vulnerable to Cross Site Scripting and SQL injection attacks. It bases this conclusion on debug errors generated by scripts on the site. is run using IIS6 on a series on Windows 2003 servers, according to Netcraft. ®

You can see details of the defacement and the result at Zone-H here.

Source: The Register

Posted in: Hacking News, Web Hacking

, , , , , , ,

Latest Posts:

GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.
QualysGuard - Vulnerability Management Tool QualysGuard – Vulnerability Management Tool
QualysGuard is a web-based vulnerability management tool provided by Qualys, Inc, which was the first company to deliver vulnerability management services as a SaaS-based web-service.
Memcached DDoS Attacks Will Be BIG In 2018 Memcached DDoS Attacks Will Be BIG In 2018
So after the massive DDoS attack trend in 2016 it seems like 2018 is going to the year of the Memcached DDoS amplification attack with so many insecure Memcached servers available on the public Internet.
libsodium - Easy-to-use Software Library For Encryption libsodium – Easy-to-use Software Library For Encryption
Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API.
XSStrike - Advanced XSS Fuzzer & Exploitation Suite XSStrike – Advanced XSS Fuzzer & Exploitation Suite
XSStrike is an advanced XSS detection suite, which contains a powerful XSS fuzzer and provides zero false positive results using fuzzy matching. XSStrike is the first XSS scanner to generate its own payloads.

9 Responses to Microsoft UK Defaced by Saudi Hackers

  1. Nobody_Holme August 30, 2007 at 7:52 am #

    haw-haw. amongst other things thats a slap in the face for the “our security is good, honest guv” crowd at MS… also plain amusing.

  2. TheRealDonQuixote August 30, 2007 at 11:48 pm #

    ROFLMAO @ Micro$oft. Totally agree with Nobody_Holme! This is just funny on so many levels. I wanna see the video of the attack!! LNK PLZ?

  3. Sandeep Nain August 31, 2007 at 1:36 am #

    Well these guys boast of making THE MOST SECURE OPERATING SYSTEM (WINDOWS VISTA) but they can’t even secure their Website..

    Micro$oft please learn something about security …

  4. TheRealDonQuixote August 31, 2007 at 4:41 am #

    Honestly, what are the peeps over at MicroSUCK thinking? Is this hubris? They have every possible resource that money can buy, but they fail to execute the basics of modern security?!?! How does that happen? Seriously, does anyone have any clue as to why Microsoft would let this craptasticness continue from XP on up?

    oops. I’m a tard. I just saw the link to the info on the attack. Srry. :(

  5. ROke August 31, 2007 at 1:24 pm #



  6. Nobody_Holme August 31, 2007 at 2:35 pm #

    Cant find the vid anywhere. but meh? I am tempted to try exactly the same technique on exactly the same site in about a month… It’ll probably work, sadly.
    oh yah, and TRDQ, YOU are a tard? do you really work in the microsuck security department? :p

  7. TheRealDonQuixote September 1, 2007 at 5:55 am #

    @ Nobody_Holme
    There are 7 levels of tard. MicroSUCK security developers are one level below George W. Bush, who is the most tard of all tards at a level numero one. A level 7 tard is like someone who forgets their coffee on top of their car. I’m like a level 5 or 6 tard, somewhere around people who don’t RTFM. Level 4 tards are people who don’t RTFM and then proceed to ask repetitive questions about said FM without searching Google. A level 3 tard is someone who has no idea what RTFM refers to, nor do they care to know exactly how to use their email client.

    I think that pretty much covers all the levels… ;)

  8. Nobody_Holme September 1, 2007 at 12:43 pm #

    I know a depressingly large number of level 3 tards… :(
    and are you sure there isnt another level in there somewhere for people who buy microsoft software because “its secure”?

  9. Sandeep Nain September 5, 2007 at 12:00 am #

    @TRDQ : you forgor to mention level 1 and level 2 tards..
    I believe Level 1 tards are the people who buy micr$oft products considering it a secure system. (answer for Nobody_Holme’s question).