Web Application Security Consortium - Web hacking Incidents Database (WHID)

Date: 01 February 2005
Incident Type: Vulnerability Disclosure
WASC Threat Classification: Directory Indexing, Information Leakage, Insufficient Authentication

Multiple misconfiguration problems such as browsable directories, physical path revealing and default or weak passwords

References:

Think Discovers Critical Flaws in U.S. Transportation Security [Vulnerabiliy Publisher's Site]

WHID 2003-5: Car shoppers' credit details exposed in bulk

Date: 25 September 2003
Incident Type: Vulnerability Disclosure
WASC Threat Classification: Information Leakage, Predictable Resource Location

User submitted information was being stored in a publicly available location. The URL found in the source code of a publicly available web page.

References:

Car shoppers' credit details exposed in bulk [Security Focus]

WHID 2000-2: IKEA exposes customer information on catalog site

Date: 06 September 2000
Incident Type: Vulnerability Disclosure
WASC Threat Classification: Information Leakage, Insufficient Authentication

Error message revealed a database file location, which could be downloaded.

References:

IKEA exposes customer information on catalog site [CNet]

WHID 2000-3: Gaffe at Amazon leaves email addresses exposed

Date: 06 September 2000
Incident Type: Vulnerability Disclosure
WASC Threat Classification: Information Leakage

E-mail addresses of other customers displayed by mistake, no hacking was required

References:

Gaffe at Amazon leaves email addresses exposed [CNet]

This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.