Contributors

Jeremiah Grossman
(WhiteHat Security)

Ofer Shezaf
(Breach Security) [Project Leader]

The Web Hacking Incidents Database
Last update: 17 February 2008



List of incidents for the year 2000
5 incidents listed
WHID 2000-4: Sensitive files left unprotected on Western Union's Web
Reported:
Occurred: 10 September 2000

Classifications:

  • Attack Method: Misconfiguration
  • Attack Method: Failure to Restrict URL Access
  • Country: USA

Sensitive files were left in a publicly accessible directory during a maintenance window.

References:

WHID 2000-6: Inforeading.com defacement using command injection
Reported:
Occurred: 15 December 2000

Classifications:

  • Attack Method: OS Commanding

Local commands were executed using URL parameters.

References:

WHID 2000-2: IKEA exposes customer information on catalog site
Reported:
Occurred: 06 September 2000

Classifications:

  • Attack Method: Improper Error Handling
  • Attack Method: Insecure Direct Object Reference
  • Country: ?
  • Outcome: Leakage of Information
  • Vertical: Retail

Error message revealed a database file location, which could be downloaded.

References:

WHID 2000-3: Gaffe at Amazon leaves email addresses exposed
Reported:
Occurred: 06 September 2000

Classifications:

  • Attack Method: Abuse of Functionality
  • Country: USA
  • Outcome: Leakage of Information

E-mail addresses of other customers were displayed by mistake; no hacking was required.

References:

WHID 2000-5: Eve.com exposes customers' order information
Reported:
Occurred: 13 September 2000

Classifications:

  • Attack Method: Credential/Session Prediction
  • Outcome: Leakage of Information

Other customers' orders could be viewed by changing a sequential number within a URL parameter.

References:



This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.

 
© Copyright 2005, Web Application Security Consortium. All rights reserved.