Web Application Security Consortium - Web hacking Incidents Database (WHID)

Contributors

Jeremiah Grossman
(WhiteHat Security)

Ofer Shezaf
(Breach Security ) [Project Leader]

The Web Hacking Incidents Database
Last update:07 November 2007

List of incidents of class Phishing

Full List
By Class
By ID

1999
2000
2001
2002
2003
2004
2005
2006
2007

RSS
Statistics
Blog
FAQ
About

WHID

Other WASC threat classifications:
Abuse of Functionality, Brute Force, Content Spoofing, Credential/Session Prediction, Cross-site Scripting, Defacement, Denial of Service, Directory Indexing, HTTP Response Splitting, Information Leakage, Insufficient Anti-automation, Insufficient Authentication, Insufficient Authorization, Insufficient Process Validation, Insufficient Session Expiration, Known Vulnerabity, Misconfiguration, OS Commanding, Other, Path Traversal, Phishing, Predictable Resource Location, Redirection, SQL Injection, Unknown, Weak Password Recovery Validation, Worm

There are 1 incidents of class Phishing

WHID 2006-26: Yahoo XSS used for phishing

Date: 17 April 2006
Incident Type: Security Breach
WASC Threat Classification: Cross-site Scripting, Phishing

An XSS vulnerability in Yahoo Mail is actively exploited for targeted phishing.

References:

Alert - Yahoo! Webmail XSS [Cesar Cerrudo, Argeniss]

Alert - Yahoo! Mail XSS vulnerability [Cesar Cerrudo, Argeniss]

This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.