Sunday, April 29, 2007 3:05 PM sandi

IEAK web site 0wn3d.

Update: the ieak.microsoft.com/1.0/... links are M.I.A as at 5.59pm 29 April, Perth local time.

Go here:
http://www.microsoft.com/technet/prodtechnol/ie/ieak/license/default.mspx

Click on "look up customization code" to go here:
http://ieak.microsoft.com/1.0/lookupcode.asp

Then click on "License and Registration Page" link:
http://ieak.microsoft.com/1.0/newlicensee.asp

The following has been inserted into the page's source code:

<body onload="document.body.innerHTML='<p align=center><font size=7>Own3d by Cyber-Terrorist</font><img src=http://c2000.com/gifs/billgates.jpg><p align=center><font size=7>--Cyb3rT--</font></p>

The code results in what looks like a redirect, but isn't. What you see instead of the Microsoft's intended content for the page is:

As far as I can tell, this incident was originally reported in the blogosphere by: http://www.alex-smith.me.uk/?p=76

Comments

# Defaced: Microsoft IEAK page

Sunday, April 29, 2007 3:41 AM by Donna's SecurityFlash

The Internet Explorer Administration Kit webpage of Microsoft has been defaced. See http://www.alex-smith

Leave a Comment

(required) 
(required) 
(optional)
(required)