[WASC-WHID] WHID 2011-53: Expedia's TripAdvisor Member Data Stolen in Possible SQL Injection Attack

WASC Web Hacking Incidents Database wasc-whid at lists.webappsec.org
Mon Apr 25 09:09:46 EDT 2011


*Entry Title: *WHID 2011-53: Expedia's TripAdvisor Member Data Stolen in
Possible SQL Injection Attack
*WHID ID: *2011-53
*Date Occurred: *March 24, 2011
*Attack Method: *SQL Injection
*Application Weakness: *Improper Input Handling
*Outcome: *Leakage of Information
*Attacked Entity Field: *Hospitality
*Attacked Entity Geography: *USA
*Incident Description: *TripAdvisor discovered a data breach in its systems
that allowed attackers to grab a portion of the Website's membership list
from its database.
*Mass Attack: *No
*Reference: *
http://mobile.eweek.com/c/a/Security/Expedias-TripAdvisor-Member-Data-Stolen-in-Possible-SQL-Injection-Attack-522785/
*Attack Source Geography:*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-whid_lists.webappsec.org/attachments/20110425/c153810a/attachment-0003.html>


More information about the wasc-whid mailing list