Microsoft HACKED!
by Nikola Strahija on May 26th, 2004 For the second time, Microsoft got defaced. This time, using a simple SQL, the attacker was able to modify the title and introduction of the Microsoft Press section.
Microsoft Press
The defacers modified the title and introduction of the Microsoft Press section to write "Owned OutLaw Group by Pharoeste e Wolfblack" in order to prove that they compromised it.
They found the administration page and performed a SQL injection attack, allowing them to manage the content of the section.
Here are the mirror and a screenshot of the defacement:
http://www.zone-h.org/defacements/mirror/id=1246363/
http://www.zone-h.org/files/77/microsoft.com.gif
Microsoft Korea
Two months ago 2 Microsoft Korea web sites were defaced, but this time the main and *supposed* secure Microsoft.com web site is defaced by using a common and well known vulnerability!
The Microsoft Mexico (microsoft.com.mx) web site has also been defaced last week, the Turkish defacer named Iskorpitx put his usual page in the cgi-bin folder. He probably took advantage of a recent vulnerability in the Windows operating system (MS04-011), so now the question is: why don't they apply their own patches?
You can have a look at the mirror here:
http://www.zone-h.org/defacements/mirror/id=1212152/