WW
WASC Web Hacking Incidents Database
Mon, Apr 25, 2011 1:13 PM
*Entry Title: *WHID 2011-61: LizaMoon Mass SQL Injection Attack Points to
Rogue AV Site
*WHID ID: *2011-61
*Date Occurred: *March 29, 2011
*Attack Method: *SQL Injection
*Application Weakness: *Improper Input Handling
*Outcome: *Planting of Malware
*Attacked Entity Field: *Multiple
*Attacked Entity Geography: *
*Incident Description: *Attackers have launched a large-scale SQL injection
attack that has compromised several thousand legitimate Websites, including
a few catalog pages from Apple's iTunes music store.
*Mass Attack: *Yes
*Mass Attack Name: *LizaMoon
*Reference: *
http://www.eweek.com/c/a/Security/LizaMoon-Mass-SQL-Injection-Attack-Points-to-Rogue-AV-Site-852537/
Attack Source Geography:
*Entry Title: *WHID 2011-61: LizaMoon Mass SQL Injection Attack Points to
Rogue AV Site
*WHID ID: *2011-61
*Date Occurred: *March 29, 2011
*Attack Method: *SQL Injection
*Application Weakness: *Improper Input Handling
*Outcome: *Planting of Malware
*Attacked Entity Field: *Multiple
*Attacked Entity Geography: *
*Incident Description: *Attackers have launched a large-scale SQL injection
attack that has compromised several thousand legitimate Websites, including
a few catalog pages from Apple's iTunes music store.
*Mass Attack: *Yes
*Mass Attack Name: *LizaMoon
*Reference: *
http://www.eweek.com/c/a/Security/LizaMoon-Mass-SQL-Injection-Attack-Points-to-Rogue-AV-Site-852537/
*Attack Source Geography:*
