funsec mailing list archives

SQL injection attack on Microsoft's UK Web site


From: <rms () computerbytesman com>
Date: Tue, 3 Jul 2007 18:54:47 -0400

http://news.com.com/Details+on+defacement+of+Microsofts+U.K.+Web+site/2100-7349_3-6194705.html?tag=nefd.top

Details on defacement of Microsoft's U.K. Web site

Details have emerged of an attack which defaced Microsoft's U.K. Web site. 

Hackers broke through the site's security, defacing it and replacing genuine
content with a photo of a child waving a Saudi Arabian flag.

It is likely that the company's U.K. site, which was breached on Wednesday,
was subverted using an SQL injection, in which hackers exploit application
vulnerabilities to alter server settings or mine data, according to Zone-H,
which has also run a picture of the defacement. 

"Most probably, the attacker exploited the site by means of SQL injection to
insert HTML code in a field belonging to the table which gets read every
time a new page is generated," Zone-H said on its site.

Microsoft said it is investigating the breach. "Microsoft has learned of a
criminal attempt to deface a subsite of Microsoft.com," the company said in
a statement. "Upon notification of the criminal activity, Microsoft took the
appropriate action to resolve the issue and stop any additional criminal
activity.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

