[WEB SECURITY] Microsoft.fr web defacement - misconfiguration or zero-day exploit?

Gaetano Zappulla gaetano at bacarospo.net
Tue Jun 20 07:34:27 EDT 2006


Hayes, Bill ha scritto:
> Was the recent Microsoft.fr web defacement aided by site
> misconfiguration or an IIS 6.0 zero-day exploit?  Any clues?
>

http://www.zone-h.org/content/view/4770/31/

"The attacker revealed that he exploited a .net script 0day
vulnerability after discovering that expert.microsoft.fr had installed
and was running a vulnerable .net nuke script."

you can put back the defcon to 5 ;)

-g



----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list