Home :: List of Web Hacking Incidents

List of Web Hacking Incidents: Disclosure Only

To further analyze the Web Hacking Incident Database, use the WHID query page

Attack Method Outcome
WHID 2007-78: A Brazilian banking site allows users to views receipts intended for others Credential/Session Prediction Disclosure Only
WHID 2007-62: A security flaw in Passport Canada's website Credential/Session Prediction Disclosure Only
WHID 2007-56: TJMaxx XSS Vulnerability Cross Site Scripting (XSS) Disclosure Only
WHID 2007-32: XSS vulnerability on various German online banking sites Cross Site Scripting (XSS) Disclosure Only
WHID 2007-12: SQL injection at knorr.de login page
SQL Injection
Cross Site Scripting (XSS)
 Disclosure Only
WHID 2006-8: ICQmail.com - Mail2World.com XSS vulnerability Cross Site Scripting (XSS) Disclosure Only
WHID 2006-7: Google Reader "preview" and "lens" script improper feed validation Redirection Disclosure Only
WHID 2006-5: Hotmail XSS (1) Cross Site Scripting (XSS) Disclosure Only
WHID 2006-48: SQL Injection Used to Steal Information from "Life is Good" SQL Injection Disclosure Only
WHID 2006-40: Data Mining MySpace Bulletins
Predictable Resource Location
Insufficient Authorization
 Disclosure Only
WHID 2006-39: Another Google XSS Cross Site Scripting (XSS) Disclosure Only
WHID 2006-38: Convenience or just bad design? Insufficient Authorization Disclosure Only
WHID 2006-35: Yahoo mail XSS in CSS expression keyword Cross Site Scripting (XSS) Disclosure Only
WHID 2006-34: XSS Exploit at sms.ac Cross Site Scripting (XSS) Disclosure Only
WHID 2006-33: Alexadex.com players.py XSS Exploit Cross Site Scripting (XSS) Disclosure Only
WHID 2006-32: libero.it XSS vulnerability - HTML injection Cross Site Scripting (XSS) Disclosure Only
WHID 2006-31: URL Bug On 1ASPHost and DomainDLX Hosting Services Cross Site Scripting (XSS) Disclosure Only
WHID 2006-28: Tlen.PL e-mail XSS vulnerability Disclosure Only
WHID 2006-27: SQL Injection in incredibleindia.org SQL Injection Disclosure Only
WHID 2006-25: Everyone.net XSS Cross Site Scripting (XSS) Disclosure Only
WHID 2006-24: Hotmail XSS (2) Cross Site Scripting (XSS) Disclosure Only
WHID 2006-23: ICQ search vulnerable to XSS Cross Site Scripting (XSS) Disclosure Only
WHID 2006-22: SQL injection in a banking application SQL Injection Disclosure Only
WHID 2006-21: Sourceforge.net XSS (1) Cross Site Scripting (XSS) Disclosure Only
WHID 2006-20: Sourceforge.net XSS (2) Cross Site Scripting (XSS) Disclosure Only