Wednesday, June 22, 2011

Microsoft.com Server vulnerable to hackers !!!

          A hacker with Codename "No.One" release some vulnerability regarding Microsoft.com via a pastebin post. We analyse it & Explaining the possible Security Breach. 

          Do you know how hacker get root access on a server If target site is not vulnerable ? Let's See.. Hackers Find a vulnerable site on same server which host target site . Let us suppose we have "Microsoft.com" as target. Now Microsoft.com hosted on 125.5.39.135 , which having two domains on it :

 
          Now We know that Microsoft.com is Secure site, Lets See another site of same host : http://www.dole.gov.ph/ . 
Its Official Website of the Department of Labor and Employment - Republic of Philippines . Is it vulnerable ?  


          Yes ! see : http://www.dole.gov.ph/secondpage.php?id=2113' . Its SQL injection . Now Hacker is able to get database from this site . For example the current database name is "dolews_4a351sd" and Hacker also may be able to upload to upload shell on server using this.

 
          This Attack may lead to rooting of 125.5.39.135 Server, Which also host "Microsoft.com", The Target site. Hackers may be able to deface the site or can steal source code too. 

0 comments:

Post a Comment