Contributors

Jeremiah Grossman
(WhiteHat Security)

Ofer Shezaf
(Breach Security) [Project Leader]

The Web Hacking Incidents Database
Last update: 17 February 2008

List of Incidents for a Classification

Please note that classifications are a new feature and not all entries in WHID are already classified, so when you get a certain number of entries for a classification, WHID might have more records matching that classification that we did not classify yet. We hope to complete the classification process soon.



List of incidents for which Country is Germany
4 incidents listed
WHID 2007-63: Credit card data theft at Kartenhaus, a Ticketmaster German subsidiary
Reported: 19 December 2007
Occurred: 30 September 2007

Classifications:

  • Attack Method: Unknown
  • Country: Germany
  • Outcome: Leakage of Information
  • Vertical: Retail

An unidentified group stole credit card numbers and billing addresses from Kartenhaus, the Hamburg, Germany ticket sales office and a subsidiary of Ticketmaster. Some 66,000 customers who purchased tickets with a credit card from the Kartenhaus.de web site between October 24, 2006 and September 30, 2007 were affected.

WHID 2007-36: Server hacked through holes in Confixx management software
Reported: 12 August 2007
Occurred: 01 August 2007

Classifications:

  • Attack Method: Known Vulnerability
  • Attack Method: OS Commanding
  • Country: Germany
  • Outcome: Downtime
  • Software: Confixx
  • Vertical: Service Providers

A command injection vulnerability at 1&1, a large German hosting provider, led to denial of service and possible home page modification on 30 servers and up to 1700 web sites.

WHID 2007-32: XSS vulnerability on various German online banking sites
Reported: 01 July 2007
Occurred: 17 May 2007

Classifications:

  • Attack Method: Cross Site Scripting (XSS)
  • Country: Germany
  • Outcome: Disclosure Only
  • Vertical: Finance

I seldom add disclosures anymore to WHID, even less XSS disclosures, but since this time they were discovered in banking sites, I thought it was worth it. After all, too many times people think that application vulnerabilities are found only at less "serious" or less "important" web sites where no real damage can occur.

WHID 2007-12: SQL injection at knorr.de login page
Reported: 02 April 2007
Occurred: 02 March 2007

Classifications:

  • Attack Method: Cross Site Scripting (XSS)
  • Attack Method: SQL Injection
  • Country: Germany
  • Outcome: Disclosure Only
  • Vertical: Retail

While vulnerabilities in public web sites are a dime a dozen these days and rarely included in WHID, a classic SQL injection in the login form on the home page of the web site of a very big company is worth an entry. In my presentation I usually claim that such vulnerabilities disappeared years ago and then go on to show advanced SQL injection techniques. It seems that they exist.



This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.

 
© Copyright 2005, Web Application Security Consortium. All rights reserved.