MS Web Defacements

**OverdueSpy** · April 15th, 2004, 01:42 PM

It looks like the hacker with the handle of "iskorpitx" hit at least 5000 MS 2K servers last night. http://www.zone-h.org/en/defacements

Has anyone heard how this was accomplicshed? My thoughts Perhaps done via:
1. A new, unknown vulnerability
2. Built off of one of the MS critical releases
3. The product of hording compromised systems, via known vulns, to set some record?

I would like to know more specifics if anyone is privy to the info.

***SirDice*** · April 15th, 2004, 01:46 PM

If you look closely you'll see that every url that got defaced ends in /cgi-bin. So my guess would be some vulnerable cgi-script.

**OverdueSpy** · April 15th, 2004, 02:12 PM

Originally posted here by SirDice
If you look closely you'll see that every url that got defaced ends in /cgi-bin. So my guess would be some vulnerable cgi-script.

Thanks SirDice. I can't believe I overlooked that. Overlooking the obvious is often painful. Let me slap myself in the forehead to make the point!

Thanks again.

Thread: MS Web Defacements

Thread Tools

Display

MS Web Defacements

Posting Permissions