SQL Injection Vulnerability Used to Deface Israeli Microsoft Sites, Hacker Says

A veteran black hat is unhappy with the fact that others are using his name

  PAKbugs hacker explains how Israeli Microsoft sites have been breached
On Monday, Pakistani hackers took credit for defacing a number of high-profile Israeli websites, including BBC, Coca Cola, Intel, and several managed by third parties on behalf of Microsoft. Apparently, the attackers leveraged SQL injection vulnerabilities to breach the sites.

In a statement, Microsoft has told Softpedia that there is no evidence to suggest that customer information has been compromised. However, it appears that serious security holes plague the systems of the company that handles the affected websites.

The Hacker News has identified a post made by Zombie_KsA, the founder of the PAKbugs black hat community, who is unhappy with the fact that the ones responsible for the breaches are using his name.

“He scammed few people using zombie_ksa handle and promised them to hack some websites which they gave to ‘Khantastic’ but that never happened and he ran away after payment was made,” Zombie_KsA explained.

In order to demonstrate that those abusing his name are “script kiddies,” the hacker has launched his own investigation.

Apparently, all the affected sites are registered with Communigal Communication Ltd (galcomm.co.il) and it turns out that their website contains SQL injection vulnerabilities that can be easily identified and abused.

“After 5 minutes we found exact vulnerable link where we can easily inject on this website through MsSQL Injection, and very easy to extract LoginID and Passwords, for any account registered on galcomm.co.il,” he explained.

“So these skids must have used some GUI SQLi (for example, Havij and many others) and simply logged into the account to change the DNS to their server and uploaded the defacement index.”

He claims that the vulnerability details haven’t been made public because they’ve been reported to the “right authorities.” However, the hacker notes that the registrar’s site is “poorly coded.”
