View Full Version : SQL Injection - are you save?!

05-25-2004, 05:10 AM
A Portuguese group dubbed "Outlaw group" has defaced the Microsoft.com web site, the hacked page (www.microsoft.com/mspress/uk/) isn't available anymore since 9:00pm GMT monday 24, 2004.

The defacers modified the title and introduction of the Microsoft Press section to write "Owned OutLaw Group by Pharoeste e Wolfblack" in order to prove that they compromised it. They found the administration page and performed a SQL injection attack, allowing them to manage the content of the section.

PHP and SQL-Injection: SQL Injection Walkthrough (http://www.securiteam.com/securityreviews/5DP0N1P76E.html)

Is PhpDig save?