AppSec Blog

Weekly Roundup of Web Hacking Incidents

The following web hacking incidents were added to WHID in the past week:

  1. WHID 2010-216: DDoS: Myanmar attacks larger than those against Estonia and Georgia - http://bit.ly/cZBLWG
  2. WHID 2010-215: Hacker Claims Full Compromise of Royal Navy Website - http://bit.ly/dg9v6q
  3. WHID 2010-214: Attack cause Intuit Web-hosting service outage? - http://bit.ly/dn8yed
  4. WHID 2010-213: Cops: Hacker Posted Stolen X-rated Pics on Facebook - http://bit.ly/a2Na5I
  5. WHID 2010-212: Cheapflights claims Twitter account hacked after X-Factor tirade - http://bit.ly/bEYb2y

The Web Hacking Incident Database, or WHID for short, is a Web Application Security Consortium project dedicated to maintaining a list of web applications related security incidents. WHID's goal is to serve as a tool for raising awareness of the web application security problem and provide information for statistical analysis of web applications security incidents.

This Week's WHID Spotlight

WHID 2010-215: Hacker Claims Full Compromise of Royal Navy Website

Entry Title: WHID 2010-215: Hacker Claims Full Compromise of Royal Navy Website
WHID ID: 2010-215
Date Occurred: November 5, 2010
Attack Method: SQL Injection
Application Weakness: Improper Input Handling
Outcome: Leakage of Information
Attacked Entity Field: Government
Attacked Entity Geography: United Kingdom
Incident Description: A hacker claims to have gained full access to the website of the British Royal Navy and the underlying database through an SQL injection attack.
Mass Attack: No
Reference: http://news.softpedia.com/news/Hacker-Claims-Full-Compromise-of-Royal-Navy-Website-165112.shtml
Attack Source Geography: Romania
Additional Link:

Post a Comment






Captcha


* Indicates a required field.