Web Application Security Consortium - Web hacking Incidents Database (WHID)

Date: 05 November 2001
Incident Type: Vulnerability Disclosure
WASC Threat Classification: Cross-site Scripting

References:

Microsoft Passport to Trouble [Personal Web Page]

Poking Holes in Microsoft's Passport [PC World]

WHID 2001-5: Privacy hole found in Verizon Wireless Web site

Date: 06 September 2001
Incident Type: Vulnerability Disclosure
WASC Threat Classification: Credential/Session Prediction

References:

Privacy hole found in Verizon Wireless Web site [Computer World]

WHID 2001-4: Hacked Web site damaged PCs in Japan

Date: 21 August 2001
Incident Type: Security Breach
WASC Threat Classification: Cross-site Scripting

Users who visited the Price Lotto site using Microsoft's IE (Internet Explorer) 4.x and 5.x, automatically downloaded malicious JavaScript that was programmed to alter the software configuration of their PCs.

References:

Hacked Web site damaged PCs in Japan [InfoWorld]

WHID 2001-3: Persistent XSS in Hotmail

Date: 03 August 2001
Incident Type: Vulnerability Disclosure
WASC Threat Classification: Cross-site Scripting

Persistent XSS HTML Injection inside an HTML email message to hotmail

References:

Expert hacks Hotmail in 1 line of code [USA Today]

'Cross-site scripting' tears holes in Net security [USA Today]

WHID 2001-2: Computer E-Retailer Exposes Credit Card Numbers

Date: 18 June 2001
Incident Type: Vulnerability Disclosure
WASC Threat Classification: Credential/Session Prediction

View other orders by changing a sequential parameter number. Security was provided by client side JavaScript

References:

Computer E-Retailer Exposes Credit Card Numbers [Extreme Tech]

WHID 2001-1: Travelocity exposes customer information

Date: 22 January 2001
Incident Type: Vulnerability Disclosure
WASC Threat Classification: Predictable Resource Location

Sensitive files were left in a publicly accessible directory of a new web server install

References:

Travelocity exposes customer information [CNet]

This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.