WW
WASC Web Hacking Incidents Database
Mon, Apr 25, 2011 1:09 PM
*Entry Title: *WHID 2011-53: Expedia's TripAdvisor Member Data Stolen in
Possible SQL Injection Attack
*WHID ID: *2011-53
*Date Occurred: *March 24, 2011
*Attack Method: *SQL Injection
*Application Weakness: *Improper Input Handling
*Outcome: *Leakage of Information
*Attacked Entity Field: *Hospitality
*Attacked Entity Geography: *USA
*Incident Description: *TripAdvisor discovered a data breach in its systems
that allowed attackers to grab a portion of the Website's membership list
from its database.
*Mass Attack: *No
*Reference: *
http://mobile.eweek.com/c/a/Security/Expedias-TripAdvisor-Member-Data-Stolen-in-Possible-SQL-Injection-Attack-522785/
Attack Source Geography:
*Entry Title: *WHID 2011-53: Expedia's TripAdvisor Member Data Stolen in
Possible SQL Injection Attack
*WHID ID: *2011-53
*Date Occurred: *March 24, 2011
*Attack Method: *SQL Injection
*Application Weakness: *Improper Input Handling
*Outcome: *Leakage of Information
*Attacked Entity Field: *Hospitality
*Attacked Entity Geography: *USA
*Incident Description: *TripAdvisor discovered a data breach in its systems
that allowed attackers to grab a portion of the Website's membership list
from its database.
*Mass Attack: *No
*Reference: *
http://mobile.eweek.com/c/a/Security/Expedias-TripAdvisor-Member-Data-Stolen-in-Possible-SQL-Injection-Attack-522785/
*Attack Source Geography:*
