Yesterday while wandering the tubes of the interweb I came across this story. It turns out that in years gone by the City of Detroit gave Saddam Hussein the key to the city. I found this rather amusing and shared it with others on Twitter. A few moments later someone informed me that coincidentally the City of Detroit’s website had been defaced. I’ve saved a copy (.zip file).
Odd timing to say the least.
Well, this morning I decided to have a look. Sure enough, it’s still defaced. I grabbed a screen shot for posterity. Call it a hunch but, I think some IT person might be on the job hunt on Monday morning.
City of Detroit: link
I thought it’s the usual .gov sites defacing.
Sql injection via news then logging with admin account then inserting a new story with the content they want.
but this time they got inside access, they deleted an image file used in the template and replacing it with another image.
I guess they used an old exploit *cough* frontpage xploit http://www.ci.detroit.mi.us/_vti_bin/ *cough* or iss *cough*
There is no cache for the index before defacing.
User-agent: *
Disallow: /
http://www.ci.detroit.mi.us/robots.txt
@Ali
Yeah, the frontpage part had not escaped me 🙂