[WEB SECURITY] Microsoft.fr web defacement - misconfiguration or zero-day exploit?

Ryan Barnett rcbarnett at gmail.com
Tue Jun 20 13:17:10 EDT 2006

While the info gathered from the defacer **may** be the truth, I am always a
bit skeptical in trusting what these folks have to say.  Way too much
temptation for them to want to brag about new 0-day sploits that they

I guess I have been watching a bit too much of the Law and Order re-runs on
TNT, but I envision a cross-examination with this TIThack suspect where DA
McCoy states for the jury -

"So, Mr. TIThack, you broke into the Microsoft site and defaced the
webpage.  You then contacted Zone-H to notify them of the successful
defacement.  When filling out the zone-h notification form, you specified
"web server intrusion" when you could have provided more specific details.
So, you are a criminal and a liar and now you want us to take your word on
the details you have laid out concerning the alleged .NET Nuke script?"

Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
Author: Preventing Web Attacks with Apache

On 6/20/06, Gaetano Zappulla <gaetano at bacarospo.net> wrote:
> Hayes, Bill wrote:
> > Was the recent Microsoft.fr web defacement aided by site
> > misconfiguration or an IIS 6.0 zero-day exploit?  Any clues?
> >
> http://www.zone-h.org/content/view/4770/31/
> "The attacker revealed that he exploited a .net script 0day
> vulnerability after discovering that expert.microsoft.fr had installed
> and was running a vulnerable .net nuke script."
> you can put back the defcon to 5 ;)
> -g