Contributors
Jeremiah Grossman
(WhiteHat Security)

Ofer Shezaf
(Breach Security) [Project Leader]

The Web Hacking Incidents Database
Last update:17 February 2008

List of Incidents for a Classification

Please note that classifications are a new feature and not all entries in WHID are already classified, so when you get a certain number of entries for a classification, WHID might have more records matching that classification that we did not classify yet. We hope to complete the classification process soon.

Select classification:
Attack Method, Country, Location, Origin, Outcome, Software, Vertical

Select criteria for classification "Country":
?, Australia, Belgium, Brazil, Canada, China, Ecuador, France, Germany, Global, Greece, India, Israel, Italy, Jamaica, Japan, Korea, Libya, Mexico, New Zealand, Peru, Spain, Sweden, Thailand, Turkey, UK, United Nations, USA

List of incidents for which Country is Australia
3 incidents listed
WHID 2007-52: Hacker halts Rivkin auction of 37 watches
Reported: 05 November 2007
Occurred: 05 November 2007

Classifications:

  • Attack Method: Denial of Service
  • Country: Australia
  • Outcome: Loss of Sales
  • Vertical: Retail

Seems that the there is a new trend to disrupt on line bidding using denial of service attacks. In this case, an auction for 37 very expensive watches was halted 20 minutes before the end as the site crashed, in what official sources describe as a hacker attack that did not result in a site compromise.

References:

WHID 2007-45: XSS flaw makes PM say: "I want to suck your blood"
Reported: 10 October 2007
Occurred: 09 October 2007

Classifications:

  • Attack Method: Cross Site Scripting (XSS)
  • Country: Australia
  • Outcome: Defacement
  • Vertical: Politics

Using XSS on the sites of both Australian major political parties a security researcher nicknamed Bsoric caused the Liberal Party's Web site to read: "John Howard says: I want to suck your blood", while another script caused a window to pop up on the Labor Party's Web site, urging viewers to "Vote Liberal!"

References:

WHID 2007-17: Big Brother's big bother
Reported: 26 April 2007
Occurred: 23 April 2007

Classifications:

  • Attack Method: Credential/Session Prediction
  • Country: Australia
  • Outcome: Leakage of Information
  • Vertical: Media

The site of "Big Brother", a reality show in Australia issued duplicate session IDs to different users since the session ID pool was exhausted. Naturally, the 2nd person to get the same session ID got to see all the details of the 1st one!

References:


This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
 
© Copyright 2005, Web Application Security Consortium. All rights reserved.