Contributors
Jeremiah Grossman
(WhiteHat Security)

Ofer Shezaf
(Breach Security) [Project Leader]

The Web Hacking Incidents Database
Last update:17 February 2008

View Incident By ID

WHID 2007-86: Mac Blogs defaced using XSS
Reported: 17 February 2008
Occurred: 23 November 2007

Classifications:

  • Attack Method: Cross Site Scripting (XSS)
  • Country: Global
  • Outcome: Defacement
  • Vertical: Technology

The standard disclaimer that we do not cover each and every defacement is relevant to this entry as well. So why do we include the defacement incident this time? First and foremost, it is known to be an XSS abusing a WordPress zero day bug. Secondly, it is a targeted attack aiming to deface only Mac related web sites. Usually targeted defacement attacks are carried out against political targets. Did attacking apple become a political issue? Was Apple transformed into a nation overnight? Well certainly into a cult.

References:


Select an Incident:

1999: 1999-1

2000: , 2000-1, 2000-2, 2000-3, 2000-4, 2000-5, 2000-6

2001: 2001-1, 2001-2, 2001-3, 2001-4, 2001-5, 2001-6

2002: 2002-1, 2002-2, 2002-3, 2002-4

2003: 2003-1, 2003-2, 2003-3, 2003-4, 2003-5, 2003-6, 2003-7, 2003-8, 2003-9

2004: 2004-1, 2004-10, 2004-11, 2004-12, 2004-13, 2004-14, 2004-15, 2004-16, 2004-17, 2004-18, 2004-2, 2004-3, 2004-4, 2004-5, 2004-6, 2004-7, 2004-8, 2004-9

2005: 2005-1, 2005-10, 2005-11, 2005-12, 2005-13, 2005-14, 2005-15, 2005-16, 2005-17, 2005-18, 2005-19, 2005-2, 2005-20, 2005-21, 2005-22, 2005-23, 2005-24, 2005-25, 2005-26, 2005-27, 2005-28, 2005-29, 2005-3, 2005-30, 2005-31, 2005-32, 2005-33, 2005-34, 2005-35, 2005-36, 2005-37, 2005-38, 2005-39, 2005-4, 2005-40, 2005-41, 2005-42, 2005-43, 2005-44, 2005-45, 2005-46, 2005-47, 2005-48, 2005-49, 2005-5, 2005-50, 2005-51, 2005-52, 2005-53, 2005-54, 2005-55, 2005-56, 2005-57, 2005-58, 2005-59, 2005-6, 2005-60, 2005-61, 2005-62, 2005-63, 2005-64, 2005-65, 2005-7, 2005-8, 2005-9, 2007-18

2006: 2006-1, 2006-10, 2006-11, 2006-12, 2006-13, 2006-14, 2006-15, 2006-16, 2006-17, 2006-18, 2006-19, 2006-2, 2006-20, 2006-21, 2006-22, 2006-23, 2006-24, 2006-25, 2006-26, 2006-27, 2006-28, 2006-29, 2006-3, 2006-30, 2006-31, 2006-32, 2006-33, 2006-34, 2006-35, 2006-36, 2006-37, 2006-38, 2006-39, 2006-4, 2006-40, 2006-41, 2006-42, 2006-43, 2006-45, 2006-46, 2006-47, 2006-5, 2006-6, 2006-7, 2006-8, 2006-9

2007: , 2007-01, 2007-02, 2007-03, 2007-04, 2007-05, 2007-06, 2007-07, 2007-08, 2007-09, 2007-10, 2007-11, 2007-12, 2007-13, 2007-14, 2007-15, 2007-16, 2007-17, 2007-19, 2007-20, 2007-21, 2007-22, 2007-23, 2007-24, 2007-25, 2007-26, 2007-27, 2007-28, 2007-29, 2007-30, 2007-31, 2007-32, 2007-33, 2007-34, 2007-35, 2007-36, 2007-37, 2007-38, 2007-39, 2007-40, 2007-41, 2007-42, 2007-43, 2007-44, 2007-45, 2007-46, 2007-47, 2007-48, 2007-49, 2007-50, 2007-51, 2007-52, 2007-53, 2007-54, 2007-55, 2007-56, 2007-57, 2007-58, 2007-59, 2007-60, 2007-61, 2007-62, 2007-63, 2007-64, 2007-65, 2007-66, 2007-67, 2007-69, 2007-70, 2007-71, 2007-72, 2007-73, 2007-74, 2007-75, 2007-76, 2007-77, 2007-78, 2007-79, 2007-80, 2007-81, 2007-82, 2007-83, 2007-84, 2007-85, 2007-86

2008: , 2008-01, 2008-02, 2008-03, 2008-04, 2008-05, 2008-06, 2008-07, 2008-08, 2008-09, 2008-10, 2008-11, 2008-12


This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
 
© Copyright 2005, Web Application Security Consortium. All rights reserved.