[WEB SECURITY] Microsoft.fr web defacement - misconfiguration or zero-day exploit?

Ryan Barnett rcbarnett at gmail.com
Tue Jun 20 13:17:10 EDT 2006


While the info gathered from the defacer **may** be the truth, I am always a
bit skeptical in trusting what these folks have to say.  Way too much
temptation for them to want to brag about new 0-day sploits that they
found...

I guess I have been watching a bit too much of the Law and Order re-runs on
TNT, but I envision a cross-examination with this TIThack suspect where DA
McCoy states for the jury -

"So, Mr. TIThack, you broke into the Microsoft site and defaced the
webpage.  You then contacted Zone-H to notify them of the successful
defacement.  When filling out the zone-h notification form, you specified
"web server intrusion" when you could have provided more specific details.
So, you are a criminal and a liar and now you want us to take your word on
the details you have laid out concerning the alleged .NET Nuke script?"

-- 
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache


On 6/20/06, Gaetano Zappulla <gaetano at bacarospo.net> wrote:
>
> Hayes, Bill wrote:
> > Was the recent Microsoft.fr web defacement aided by site
> > misconfiguration or an IIS 6.0 zero-day exploit?  Any clues?
> >
>
> http://www.zone-h.org/content/view/4770/31/
>
> "The attacker revealed that he exploited a .net script 0day
> vulnerability after discovering that expert.microsoft.fr had installed
> and was running a vulnerable .net nuke script."
>
> you can put back the defcon to 5 ;)
>
> -g