Filed under: Defacements, Exploits, Personal Opinions, Security News
posted by D1m on 01 Feb 2007 01:14 am
MSN.co.uk Money Related Websites Hacked And Defaced
Two websites belonging to MSN (Microsoft Network) in the United Kingdom, were defaced today by an attacker who goes by the nickname “DARK LORD“. It looks like someone who is unethically testing his SQL injection skills, and “feeding” himself with a false sense of pride, just by leaving the message “DARK LORD WAZ HERE”.
No. I am not a defacer psychologist. I am just expressing my personal opinion on the matter, which is this: If a website defacement doesn’t convey a meaningful message, then it is done for selfish reasons.
A bit of an embarassment for Microsoft’s sysadmins…
The cracker exploited an SQL injection vulnerability in the story.asp file and thus was able to deface the following websites:
http://whatinvestment.money.msn.co.uk Win 2003
http://personalfinance.money.msn.co.uk Win 2003
Screenshot of the defaced website (Click thumbnail to view it):
The most surprising thing – actually not very suprising, judging from past cracking incidents of Microsoft’s systems – is that the website remained defaced for more than 8 hours and the SQL injection vulnerability has not been fixed yet.
Screenshot (Click thumbnail to view it):
You can view the above website defacements and 2.092.360 – as for today at 23:00 GMT – archived digital attacks at Zone-H.org.
OWASP
on 01 Feb 2007 at 10:33 pm 1.Nick Kritsilis said …
Yes, I strongly agree with your opinion that is just a false sense of pride as it is a crime to destroy someone’s business without leaving a message of what going wrong …
I would additionaly go a little bit further stating that this kind of crime has to be stopped. I do believe in the good use of internet from all the users of it. However actions like that must be fought down by any means.
on 21 Jul 2011 at 2:06 am 2.SmurfLives said …
I am interested in joining H-operations.