wasc-whid@lists.webappsec.org

WASC Web Hacking Incidents Database

View all threads

WHID 2011-29: PlentyofFish Site Hacked

WW
WASC Web Hacking Incidents Database
Wed, Feb 2, 2011 1:41 PM

WHID 2011-29: PlentyofFish Site Hacked

Entry Title: WHID 2011-29: PlentyofFish Site Hacked
WHID ID: 2011-29
Date Occurred: January 31, 2011
Attack Method: SQL Injection
Application Weakness: Improper Input Handling
Outcome: Leakage of Information
Attacked Entity Field: Entertainment
Attacked Entity Geography: Yarmouth, Nova Scotia
Incident Description: "The vulnerability was properly documented by our
team, without exposing any confidential user information," he writes. "This
was an error based MSSQL injection, that could allow any attacker to make a
full backup of the databases used by the websever, and or gain direct access
into the site."
Mass Attack: No
Reference: http://www.net-security.org/secworld.php?id=10514
Attack Source Geography:
Additional Link: http://www.youtube.com/watch?v=7RBYkk5Vq4M

WHID 2011-29: PlentyofFish Site Hacked Entry Title: WHID 2011-29: PlentyofFish Site Hacked WHID ID: 2011-29 Date Occurred: January 31, 2011 Attack Method: SQL Injection Application Weakness: Improper Input Handling Outcome: Leakage of Information Attacked Entity Field: Entertainment Attacked Entity Geography: Yarmouth, Nova Scotia Incident Description: "The vulnerability was properly documented by our team, without exposing any confidential user information," he writes. "This was an error based MSSQL injection, that could allow any attacker to make a full backup of the databases used by the websever, and or gain direct access into the site." Mass Attack: No Reference: http://www.net-security.org/secworld.php?id=10514 Attack Source Geography: Additional Link: http://www.youtube.com/watch?v=7RBYkk5Vq4M