Web Application Security Consortium - Web hacking Incidents Database (WHID)

Date: 17 December 2006
Incident Type: Security Breach
WASC Threat Classification: Content Spoofing

A Korean shopping system was vulnerable to hidden field manipulation and a determined hacker purchased $6000 worth of merchandize at 45 stores for much less.

References:

Man arrested for hacking Internet shopping malls [The Hankyorea]

WHID 2005-8: eBay Redirect Becomes Phishing Tool

Date: 03 March 2005
Incident Type: Security Breach
WASC Threat Classification: Content Spoofing, Cross-site Scripting

References:

eBay Redirect Becomes Phishing Tool [Beta News]

WHID 2004-13: SunTrust site XSS vulnerability exploited by for phishing

Date: 06 December 2004
Incident Type: Security Breach
WASC Threat Classification: Content Spoofing, Cross-site Scripting

Phishing based on XSS (Same vulnerability but a different attack that the similar September 2004 attack)

References:

Do Online Banks Facilitate Fraud? [The Motley Fool]

SunTrust site exploited by fraudsters [NetCraft]

WHID 2004-11: Phishers Manipulate SunTrust Site to Steal Data

Date: 28 September 2004
Incident Type: Security Breach
WASC Threat Classification: Content Spoofing, Cross-site Scripting

Phishing based on XSS

References:

Phishers Manipulate SunTrust Site to Steal Data [NetCraft]

This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.