|
The Web Hacking Incidents Database
Last update:17 February 2008
List of Incidents for a Classification
Please note that classifications are a new feature and not all entries in WHID are already classified, so when you get a certain number of entries for a classification, WHID might have more records matching that classification that we did not classify yet. We hope to complete the classification process soon.
Select classification:
Attack Method, Country, Location, Origin, Outcome, Software, Vertical Select criteria for classification "Software":
Apache, Cerberus Helpdesk, Confixx, cPanel, DSL Router, IIS, Linksys WRT54GL, PHP, WordPress
List of incidents for which Software is DSL Router
Reported: 28 January 2008Occurred: 21 January 2008
Classifications:
- Attack Method: Known Vulnerability
- Attack Method: Drive by Pharming
- Attack Method: Cross Site Request Forgery (CSRF)
- Country: Mexico
- Location: Client
- Outcome: Leakage of Information
- Outcome: Monetary Loss
- Software: DSL Router
- Vertical: Finance
Symantec reported an active exploit of CSRF against residential ADSL routers in Mexico (WHID 2008-05). An e-mail with a malicious IMG tag was sent to victims. By accessing the image in the mail, the user initiated a router command to changethe DNS entry of a leading Mexican bank, making any subsequent access by a user to the bank go through the attacker's server.
References:
This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
|
