[WEB SECURITY] Circuit City Forum Hacked to exploit IE visitors

Jeremiah Grossman jeremiah at whitehatsec.com
Thu Jun 1 19:28:52 EDT 2006


Circuit City warns of online forum attack
http://news.com.com/Circuit+City+warns+of+online+forum+attack/ 
2100-7349_3-6079203.html?part=rss&tag=6079203&subj=news

"Part of the Circuit City Web site was hacked and used in an attempt  
to install malicious code on PCs of unknowing visitors, the  
electronics retailer said Thursday."

"They first broke into the forum Web site by exploiting a bug in the  
Invision Power Services software that runs it"

 From public vulnerability reports in the forum product it looks like  
the initial hack was probably SQL Injection. Difficult to know for sure.




Regards,

Jeremiah-

----------------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list