Microsoft And Vulnerabilities.
If you've been to ToorCon or read The Register lately, you probably learned that Microsoft publicly announced it will not prosecute flaw finders, or hackers that find flaws in Microsoft's network. They've been doing this since 2007, but now it's official. I think that is the right step, and a clear sign that it's important to thank hackers for their finds. Basically, it's a win-win situation; everyone benefits from it. While this is being made public, I reveal a serious flaw I found on the Microsoft domain about a month ago. I took the effort to contact Microsoft, because it wasn't some trivial XSS hole. The flaw was due to a very old subdomain that they clearly forgot about. It was vulnerable to SQL injection, to such a degree that access to their network was very likely. When you encounter something like that, it is important to understand your responsibility, or at least ponder the consequences. Sure, I probably could have taken a shot at it and gained "attention", but I think that isn't the right attitude. I find a lot of these things and usually do not write about them, but in this case I wanted to make an exception. Here is why:
Below is the information that was only disclosed to Microsoft and has been fixed since.
SQL injection:
http://olab2.research.microsoft.com/LoginProcess.asp?Email='&Password=
Error:
Microsoft OLE DB Provider for SQL Server error '80040e14'
Unclosed quotation mark before the character string '' AND Password = ''.
/LoginProcess.asp, line 9
That's right, a simple login form and a magic quote.
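The error above is what a login form looks like when the Email and Password parameters are pasted straight into the SQL string: a lone single quote in the input leaves the string literal open, and the database engine complains about exactly the tail of the query it could not parse. The following is an added example, not code from the post or from the affected site, that reproduces that behaviour on a constructed in-memory SQLite table (the table, the test account and the function names are assumptions) and shows the parameterized form beside it, where the same quote is treated as data rather than as SQL:

```python
import sqlite3


def make_db():
    """Constructed stand-in for the page's user store (assumption: a Users table
    with Email and Password columns, one test account)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Email TEXT, Password TEXT)")
    conn.execute("INSERT INTO Users VALUES ('alice@example.com', 'correct horse')")
    return conn


def login_concatenated(conn, email, password):
    """The pattern implied by the error on the page: user input concatenated
    into the query text. A quote in `email` breaks the SQL grammar."""
    sql = ("SELECT COUNT(*) FROM Users WHERE Email = '" + email
           + "' AND Password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] == 1


def login_parameterized(conn, email, password):
    """Same query, but the values travel as bind parameters, so no input can
    change the statement's structure."""
    sql = "SELECT COUNT(*) FROM Users WHERE Email = ? AND Password = ?"
    return conn.execute(sql, (email, password)).fetchone()[0] == 1


def probe(login, conn, email, password):
    """Run a login attempt and report ('ok', result) or ('sql_error', message).
    A syntax error triggered by a single quote in user input is the tell-tale
    sign that the query is built by string concatenation; the hardened version
    simply returns a failed login."""
    try:
        return ("ok", login(conn, email, password))
    except sqlite3.OperationalError as exc:
        return ("sql_error", str(exc))


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("concatenated", login_concatenated),
                     ("parameterized", login_parameterized)):
        print(name, "valid creds:", probe(fn, db, "alice@example.com", "correct horse"))
        print(name, "single quote:", probe(fn, db, "'", ""))
```

The SQLite message ("unrecognized token") differs in wording from the SQL Server one on the page, but the mechanism is identical: the engine reports the unterminated string starting at the injected quote. Whether a login form answers a lone `'` with a database error or with "login failed" is therefore a cheap, non-destructive check a reviewer can run against their own applications.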
<rant>
And so again, a single quote can often prove and do more than your MetaSpoiler shellcode. It would have been possible to unscrew some light bulbs at the old software giant, if only I had felt like it, due to 1 line of SEQUEL. And so again, if anyone still has doubts or disses left on web application hacking, let them shut up forever. And that is my message today, because no one can impress me with childish talk about pushing and popping stacks and being all hacker elite like that to pwn someone when you don't have to. And remember: simplicity is the highest sophistication. But it doesn't mean I won't use heap spraying, stack overflows, string format attacks, or write my own assembly tutorial anymore; I'm just tired of the ignorance and the elite snobbery sometimes. The only difference is that in order to gain control, I use anything that is available. No cherry picking in hacking for me: if I could use a hammer, I would use a hammer. If I could open a lock with toilet paper, I would do it. That is reality, that is hacking, that is cleverness. And that is why I fear the scriptkids and loathe the elites. In Tarot, you have the Fool and the Hermit; these cards mean the same thing. The Hermit: Yod is Aleph, the Fool in disguise.
</rant>