Microsoft UK Defaced by Saudi Hackers


A while back Microsoft UK got hacked by some Saudi Hackers, Microsoft is always one of the top targets for renegades and ‘cyber-terrorists’ as the high profile nature of the company can give some publicity to their causes.

This was less than a month after Technet got owned.

I don’t think they are ever going to lay off MS.

Saudi hackers manged to deface a page on Microsoft’s UK web site last week, recording the techniques they used in an online video.

The software giant’s sites are periodically hit by acts of digital graffiti. In this case, however, the defacement gang unusually decided to document its attack.
Click here to find out more!

A video illustrating SQL Injection flaws affecting www.microsoft.co.uk, used to insert extra HTML code that formed the basis of the attack, was posted online. Details of how this might be done would be useful fodder for hackers so it shouldn’t come as any particular surprise to learn that the video (posted on unbase.com) was pulled over the weekend.

I’d say the site is still pretty insecure and is likely to get owned again.

According to Zone-h, microsoft.co.uk’s externally hosted website remains potentially vulnerable to Cross Site Scripting and SQL injection attacks. It bases this conclusion on debug errors generated by scripts on the site.

Microsoft.co.uk is run using IIS6 on a series on Windows 2003 servers, according to Netcraft. ®

You can see details of the defacement and the result at Zone-H here.

Source: The Register

Posted in: Hacking News, Web Hacking

, , , , , , ,


Latest Posts:


Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.
Quasar RAT - Windows Remote Administration Tool Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.
Pingcastle - Active Directory Security Assessment Tool Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.
Second Order - Subdomain Takeover Scanner Tool Second Order – Subdomain Takeover Scanner Tool
Second Order Subdomain Takeover Scanner Tool scans web apps for second-order subdomain takeover by crawling the application and collecting URLs (and other data)
Binwalk - Firmware Security Analysis & Extraction Tool Binwalk – Firmware Security Analysis & Extraction Tool
Binwalk is a fast and easy to use Python-based firmware security analysis tool that allows for firmware analysis, reverse engineering & extracting of firmware.
zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors


9 Responses to Microsoft UK Defaced by Saudi Hackers

  1. Nobody_Holme August 30, 2007 at 7:52 am #

    haw-haw. amongst other things thats a slap in the face for the “our security is good, honest guv” crowd at MS… also plain amusing.

  2. TheRealDonQuixote August 30, 2007 at 11:48 pm #

    ROFLMAO @ Micro$oft. Totally agree with Nobody_Holme! This is just funny on so many levels. I wanna see the video of the attack!! LNK PLZ?

  3. Sandeep Nain August 31, 2007 at 1:36 am #

    Well these guys boast of making THE MOST SECURE OPERATING SYSTEM (WINDOWS VISTA) but they can’t even secure their Website..

    Micro$oft please learn something about security …

  4. TheRealDonQuixote August 31, 2007 at 4:41 am #

    Honestly, what are the peeps over at MicroSUCK thinking? Is this hubris? They have every possible resource that money can buy, but they fail to execute the basics of modern security?!?! How does that happen? Seriously, does anyone have any clue as to why Microsoft would let this craptasticness continue from XP on up?

    oops. I’m a tard. I just saw the link to the info on the attack. Srry. :(

  5. ROke August 31, 2007 at 1:24 pm #

    alert(1)

    loooooooooooooooool

  6. Nobody_Holme August 31, 2007 at 2:35 pm #

    Cant find the vid anywhere. but meh? I am tempted to try exactly the same technique on exactly the same site in about a month… It’ll probably work, sadly.
    oh yah, and TRDQ, YOU are a tard? do you really work in the microsuck security department? :p

  7. TheRealDonQuixote September 1, 2007 at 5:55 am #

    @ Nobody_Holme
    There are 7 levels of tard. MicroSUCK security developers are one level below George W. Bush, who is the most tard of all tards at a level numero one. A level 7 tard is like someone who forgets their coffee on top of their car. I’m like a level 5 or 6 tard, somewhere around people who don’t RTFM. Level 4 tards are people who don’t RTFM and then proceed to ask repetitive questions about said FM without searching Google. A level 3 tard is someone who has no idea what RTFM refers to, nor do they care to know exactly how to use their email client.

    I think that pretty much covers all the levels… ;)

  8. Nobody_Holme September 1, 2007 at 12:43 pm #

    I know a depressingly large number of level 3 tards… :(
    and are you sure there isnt another level in there somewhere for people who buy microsoft software because “its secure”?

  9. Sandeep Nain September 5, 2007 at 12:00 am #

    @TRDQ : you forgor to mention level 1 and level 2 tards..
    I believe Level 1 tards are the people who buy micr$oft products considering it a secure system. (answer for Nobody_Holme’s question).