|
The Web Hacking Incidents Database
Last update:17 February 2008
List of Incidents for a Classification
Please note that classifications are a new feature and not all entries in WHID are already classified, so when you get a certain number of entries for a classification, WHID might have more records matching that classification that we did not classify yet. We hope to complete the classification process soon.
Select classification:
Attack Method, Country, Location, Origin, Outcome, Software, Vertical Select criteria for classification "Attack Method":
Abuse of Functionality, Administration Error, Brute Force, Buffer Overflow, Content Spoofing, Credential/Session Prediction, Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS), Denial of Service, Directory Indexing, Drive by Pharming, Failure to Restrict URL Access, Format String Attack, HTTP Response Splitting, Improper Error Handling, Insecure Direct Object Reference, Insufficient Anti-automation, Insufficient Authentication, Insufficient Authorization, Insufficient Process Validation, Insufficient Session Expiration, Known Vulnerability, LDAP Injection, Misconfiguration, OS Commanding, Other, Path Traversal, Predictable Resource Location, Redirection, Session Fixation, Session Hijacking, SQL Injection, SSI Injection, Unintentional Information Disclosure, Unknown, Weak Password Recovery Validation, XPath Injection
List of incidents for which Attack Method is Known Vulnerability
10 incidents listed
Reported: 28 January 2008Occurred: 21 January 2008
Classifications:
- Attack Method: Known Vulnerability
- Attack Method: Drive by Pharming
- Attack Method: Cross Site Request Forgery (CSRF)
- Country: Mexico
- Location: Client
- Outcome: Leakage of Information
- Outcome: Monetary Loss
- Software: DSL Router
- Vertical: Finance
Symantec reported an active exploit of CSRF against residential ADSL routers in Mexico (WHID 2008-05). An e-mail with a malicious IMG tag was sent to victims. By accessing the image in the mail, the user initiated a router command to changethe DNS entry of a leading Mexican bank, making any subsequent access by a user to the bank go through the attacker's server.
References:
Reported: 01 January 2008Occurred: 23 September 2007
Classifications:
- Attack Method: Known Vulnerability
- Country: USA
- Outcome: Planting of Malware
- Software: cPanel
- Vertical: Service Providers
Hackers exploited an unknown cPanel vulnerability to break into HostGator servers and plant malware on hosted sites.
References:
Reported: 01 January 2008Occurred: 23 May 2007
Classifications:
- Attack Method: Known Vulnerability
- Country: USA
- Outcome: Planting of Malware
- Software: cPanel
- Vertical: Service Providers
The Washington Post ran a story about a large scale infiltration to IPower, a major hosting provider. According to the story and the following comments, it seems that the problem is plunging IPower for a long time without being resolved. Put in perspective the PlusNet incident which was serious but swiftly handled and publicly acknowledged by the company.
Actually the problem is so dominant that a recent StopBadware report lists Ipower as by far the most Malware infected hosting company. Reports mention that the problem started as early as mid 2006.
The root cause of the breach here is mentioned as being a vulnerability in either Apache, PHP or cPanel. I have selected the third as being more probably until further evidence materialize.
References:
Reported: 01 January 2008Occurred: 17 September 2007
Classifications:
- Attack Method: Known Vulnerability
- Country: USA
- Outcome: Leakage of Information
- Software: Cerberus Helpdesk
- Vertical: Service Providers
A known vulnerability in the helpdesk software used by hosting provider Layered Technologies resulted in leakage of information, including names, addresses, phone numbers and email addresses of up to 6,000 of the company's clients.
References:
Reported: 19 December 2007Occurred: 17 December 2007
Classifications:
- Attack Method: Known Vulnerability
- Country: UK
- Outcome: Link Spam
- Software: WordPress
- Vertical: Media
In an incident very similar to the Al Gore Hack, the personal blog of IT journalist Tim Anderson was also hacked. Unlike Mr. Gore, Tim discusses the breach and its origins.
References:
Reported: 19 December 2007Occurred: 27 October 2007
Classifications:
- Attack Method: Known Vulnerability
- Attack Method: Insufficient Authentication
- Attack Method: SQL Injection
- Country: UK
- Outcome: Downtime
- Software: WordPress
- Vertical: Education
This story probably represents hundreds of similar stories. Many of us have come to rely on open source software, which is useful, feature reach and free. It enables us access to tools available to a few only a couple of years ago. The downside is that this easy availability means that many use the tools without having the time, resources and expertise to protect them. Systems such as phpBB and WordPress are good
examples of very popular open source systems that require constant
attention in order to maintain secure.
I am sure that the guys at Light Blue Touchpaper have the
expertise to protect their WordPress installation, but they
don’t have the time. They made the compromise between ease of
management of their web site and its security. Actually my personal blog might be
just as vulnerable, since as I write this I am very much not paying
attention to its security.
Apart from, or actually because of the fact that the
victims are security experts, this story is noteworthy due to two
additional twists in the plot:
- Zero day exploit in the wild - the attacker penetrated twice, once using a known SQL injection vulnerability, but the second time using a yet unknown vulnerability in WordPress, which was reverse engineered and published for the first time by the people at Light Blue Touchpaper.
- The researchers found that they can use Google to retrieve the hashed password of the hacker. Google has become so big that it actually allows efficient encrypted passwords lookup.
References:
Reported: 19 December 2007Occurred: 26 November 2007
Classifications:
- Attack Method: Known Vulnerability
- Country: USA
- Outcome: Link Spam
- Software: WordPress
- Vertical: Politics
Whether comment spam by itself is an application failure or a necessary evil for site allowing rich comments is an open question. However it is reported that in this case vulnerability in WordPress allowed the spammers to actually penetrate the site and modify pages and not just abuse comments.
References:
Reported: 02 September 2007Occurred: 20 August 2007
Classifications:
- Attack Method: Known Vulnerability
- Country: USA
- Outcome: Defacement
- Vertical: Government
Defacements seem to dominate the list recently, probably because they reach everywhere. Two important conclusions from this particular one are that patch management is a key problem and that it is a problem mainly at government sites across the world.
References:
Reported: 12 August 2007Occurred: 01 August 2007
Classifications:
- Attack Method: Known Vulnerability
- Attack Method: OS Commanding
- Country: Germany
- Outcome: Downtime
- Software: Confixx
- Vertical: Service Providers
A command injection vulnerability at 1&1, a large German hosting provider, lead to denial of service and possible home page modification at 30 servers and up to 1700 web sites.
References:
Reported: 26 February 2006Occurred: 01 July 2005
Classifications:
- Attack Method: Known Vulnerability
- Outcome: Disclosure Only
An audit of a major Environmental Protection Agency contract management system uncovered significant security lapses that, if exploited by hackers, could have serious consequences for the agency's operations, assets and personnel. The audit focused on lack of monitoring for known vulnerabilities on these systems.
References:
This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
|
