Contributors

Jeremiah Grossman
(WhiteHat Security)

Ofer Shezaf
(Breach Security) [Project Leader]

The Web Hacking Incidents Database
Last update: 07 November 2007

List of incidents of class Other

Other WASC threat classifications:
Abuse of Functionality, Brute Force, Content Spoofing, Credential/Session Prediction, Cross-site Scripting, Defacement, Denial of Service, Directory Indexing, HTTP Response Splitting, Information Leakage, Insufficient Anti-automation, Insufficient Authentication, Insufficient Authorization, Insufficient Process Validation, Insufficient Session Expiration, Known Vulnerability, Misconfiguration, OS Commanding, Other, Path Traversal, Phishing, Predictable Resource Location, Redirection, SQL Injection, Unknown, Weak Password Recovery Validation, Worm


There are 8 incidents of class Other
WHID 2007-44: Hacker Breaks Into eBay Server, Locks Users Out
Date: 06 October 2007
Incident Type: Security Breach
WASC Threat Classification: Other

A hacker exploited a leftover admin function on eBay to block users and close sales.

References:

WHID 2007-54: Mistake left constables open to ID theft
Date: 17 September 2007
Incident Type: Security Breach
WASC Threat Classification: Other

An Excel spreadsheet was published on containing sensitive information regarding police officers in York, England. The information included the Social Security numbers of 46 officers and the home addresses of 74 officers. As a result, the identities of 3 officers were stolen.

While the information was pulled offline after a short period of time, it remained in the cache of several major search engines.

References:

WHID 2007-05: Hacking John McCain
Date: 27 March 2007
Incident Type: Security Breach
WASC Threat Classification: Other

An open source developer virtually defaced John McCain's MySpace page. He did not have to commit any crime, because the page pulled an image directly from the open source developer's site.

References:

WHID 2007-08: WordPress Backdoor
Date: 02 March 2007
Incident Type: Security Breach
WASC Threat Classification: Other

A backdoor was planted in a new official release of WordPress, the most popular blogging software in the world. The release was available for download for a few days before the backdoor was located.

References:

WHID 2007-10: Super Bowl Site Hacked with Trojan, Key logger
Date: 02 February 2007
Incident Type: Security Breach
WASC Threat Classification: Other

Hackers penetrated the Dolphins stadium web site just days before the Super Bowl was held there and modified the home page to include a Trojan-infecting script.

References:

WHID 2005-44: Xoops web site hacked
Date: 28 October 2005
Incident Type: Security Breach
WASC Threat Classification: Insufficient Authorization, Other

A configuration mistake left an unused virtual host unprotected. No details on the configuration problems were given.

References:

WHID 2005-41: XSS on Google's AdWords enables phishing
Date: 10 October 2005
Incident Type: Vulnerability Disclosure
WASC Threat Classification: Cross-site Scripting, Other

References:

WHID 2005-40: Defacement of several Novell websites
Date: 04 October 2005
Incident Type: Security Breach
WASC Threat Classification: Other

Script upload due to a known Scoop vulnerability.

References:




This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.

© Copyright 2005, Web Application Security Consortium. All rights reserved.