[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] Circuit City Forum Hacked to exploit IE visitors

From: Jeremiah Grossman <jeremiah@xxxxxxxxxxxxxxx>
Subject: [WEB SECURITY] Circuit City Forum Hacked to exploit IE visitors
Date: Thu, 1 Jun 2006 16:28:52 -0700

Circuit City warns of online forum attack http://news.com.com/Circuit+City+warns+of+online+forum+attack/ 2100-7349_3-6079203.html?part=rss&tag=6079203&subj=news

"Part of the Circuit City Web site was hacked and used in an attempt to install malicious code on PCs of unknowing visitors, the electronics retailer said Thursday."

"They first broke into the forum Web site by exploiting a bug in the Invision Power Services software that runs it"

From public vulnerability reports in the forum product it looks like the initial hack was probably SQL Injection. Difficult to know for sure.


Regards,

Jeremiah-

----------------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/

Prev by Date: [WEB SECURITY] Lots of WebAppSec at Black Hat
Next by Date: Re: [WEB SECURITY] Application Security Hacking Videos
Previous by thread: [WEB SECURITY] Lots of WebAppSec at Black Hat
Next by thread: [WEB SECURITY] IBM MQSeries Security
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org