Hacker Problem
am 25.09.2006 12:37:45 von Neil
Hi,
I have a website hosted on MS IIS.
It has a news section fed by a database to allow the owners of the site the
ability to update the news pages themslves.
Last week a message was added by an Iranian hacker (see the end of this
post.)
What I don't understand is how they were able to do this.
The code checks for the existance of a session variable before alowing the
page to be displayed, so how could they create this variable?
Also, (from the log file,) they jumped right into the update page, not the
form where the message is created!
Any opinion would be greafully received, especially if a solution can be
suggested!!
Best reagrds
NEIL
Message:
H4cked By Mafia Hacking Team Black Hat - 16 September 2006 at 14:39
Iranian Hackers Are The Best---Darkl0rD Was Here---Fuck Pop---Only For
Islam
l_l_darkl0rd_l_l@yahoo.com
Re: Hacker Problem
am 25.09.2006 23:18:55 von Chad Mahoney
Neil wrote:
> Hi,
>
> I have a website hosted on MS IIS.
>
> It has a news section fed by a database to allow the owners of the site the
> ability to update the news pages themslves.
>
> Last week a message was added by an Iranian hacker (see the end of this
> post.)
>
> What I don't understand is how they were able to do this.
>
> The code checks for the existance of a session variable before alowing the
> page to be displayed, so how could they create this variable?
>
> Also, (from the log file,) they jumped right into the update page, not the
> form where the message is created!
>
> Any opinion would be greafully received, especially if a solution can be
> suggested!!
>
> Best reagrds
>
> NEIL
>
> Message:
>
> H4cked By Mafia Hacking Team Black Hat - 16 September 2006 at 14:39
>
> Iranian Hackers Are The Best---Darkl0rD Was Here---Fuck Pop---Only For
> Islam
>
> l_l_darkl0rd_l_l@yahoo.com
>
>
>
>
Looks like a web defacement.
http://news.com.com/Kevin+Mitnick+Web+site+hacked/2100-7349_ 3-6108032.html
Even the best can be hacked.