Neil wrote:
> Hi,
>
> I have a website hosted on MS IIS.
>
> It has a news section fed by a database to allow the owners of the site the
> ability to update the news pages themslves.
>
> Last week a message was added by an Iranian hacker (see the end of this
> post.)
>
> What I don't understand is how they were able to do this.
>
> The code checks for the existance of a session variable before alowing the
> page to be displayed, so how could they create this variable?
>
> Also, (from the log file,) they jumped right into the update page, not the
> form where the message is created!
>
> Any opinion would be greafully received, especially if a solution can be
> suggested!!
>
> Best reagrds
>
> NEIL
>
> Message:
>
> H4cked By Mafia Hacking Team Black Hat - 16 September 2006 at 14:39
>
> Iranian Hackers Are The Best---Darkl0rD Was Here---Fuck Pop---Only For
> Islam
>
> l_l_darkl0rd_l_l@yahoo.com
>
>
>
>

> Looks like a web defacement.
>
> http://news.com.com/Kevin+Mitnick+Web+site+hacked/2100-7349_3-6108032.html
>
> Even the best can be hacked.