List of Web Hacking Incidents: SQL Injection

	Attack Method	Outcome
WHID 2008-18: Winzipices SQL bot	SQL Injection Bots and Worms	Planting of Malware
WHID 2008-17: Hackers' posts on epilepsy forum cause migraines, seizures	SQL Injection	Defacement Physical Pain
WHID 2008-15: ValueClick to Pay $2.9 Million to Settle FTC Charges	SQL Injection	Monetary Loss
WHID 2008-06: Hackers Take Down Pennsylvania Government	SQL Injection	Defacement Planting of Malware
WHID 2008-04: RIAA web site cleared	SQL Injection Denial of Service Cross Site Scripting (XSS)	Defacement Downtime
WHID 2008-01: Information stolen from geeks.com (Updated)	SQL Injection	Leakage of Information
WHID 2007-84: Soccer league's online shoppers get kicked by security breach	SQL Injection	Leakage of Information
WHID 2007-82: An SQL injection Mass Robot	SQL Injection	Planting of Malware
WHID 2007-81: MSNBC Turkish site caught serving malware	SQL Injection	Planting of Malware
WHID 2007-79: Infamous Russian malware gang used SQL injection to penetrate US government sites	SQL Injection	Planting of Malware
WHID 2007-70: Tucson, Arizona police web site defaced using SQL injection	SQL Injection	Defacement
WHID 2007-60: The blog of a Cambridge University security team hacked	Insufficient Authentication Known Vulnerability SQL Injection	Downtime
WHID 2007-51: 570 Scarborough & Tweed customers' personal information accessed by SQL injection	SQL Injection	Leakage of Information
WHID 2007-47: Commerce Bank, a US regional bank, hacked	SQL Injection	Leakage of Information
WHID 2007-38: Gentoo takes server offline due to security vulnerabilities	OS Commanding SQL Injection
WHID 2007-37: United Nations VS SQL Injections	SQL Injection	Defacement
WHID 2007-30: Microsoft UK site defaced	SQL Injection	Defacement
WHID 2007-21: Belgian Defense Ministry site defaced by Turks	SQL Injection	Defacement
WHID 2007-20: Pirate Bay breach leaks database	SQL Injection	Leakage of Information
WHID 2007-18: Microsoft.com defaced	SQL Injection	Defacement
WHID 2007-12: SQL injection at knorr.de login page	SQL Injection Cross Site Scripting (XSS)	Disclosure Only
WHID 2006-48: SQL Injection Used to Steal Information from "Life is Good"	SQL Injection	Disclosure Only
WHID 2006-3: Russian hackers broke into a RI GOV website	SQL Injection
WHID 2006-27: SQL Injection in incredibleindia.org	SQL Injection	Disclosure Only
WHID 2006-22: SQL injection in a banking application	SQL Injection	Disclosure Only

Attack Method

Outcome

WHID 2008-18: Winzipices SQL bot

SQL Injection

Bots and Worms

Planting of Malware

WHID 2008-17: Hackers' posts on epilepsy forum cause migraines, seizures

SQL Injection

Defacement

Physical Pain

WHID 2008-15: ValueClick to Pay $2.9 Million to Settle FTC Charges

SQL Injection

Monetary Loss

WHID 2008-06: Hackers Take Down Pennsylvania Government

SQL Injection

Defacement

Planting of Malware

WHID 2008-04: RIAA web site cleared

SQL Injection

Denial of Service

Cross Site Scripting (XSS)

Defacement

Downtime

WHID 2008-01: Information stolen from geeks.com (Updated)

SQL Injection

Leakage of Information

WHID 2007-84: Soccer league's online shoppers get kicked by security breach

SQL Injection

Leakage of Information

WHID 2007-82: An SQL injection Mass Robot

SQL Injection

Planting of Malware

WHID 2007-81: MSNBC Turkish site caught serving malware

SQL Injection

Planting of Malware

WHID 2007-79: Infamous Russian malware gang used SQL injection to penetrate US government sites

SQL Injection

Planting of Malware

WHID 2007-70: Tucson, Arizona police web site defaced using SQL injection

SQL Injection

Defacement

WHID 2007-60: The blog of a Cambridge University security team hacked

Insufficient Authentication

Known Vulnerability

SQL Injection

Downtime

WHID 2007-51: 570 Scarborough & Tweed customers' personal information accessed by SQL injection

SQL Injection

Leakage of Information

WHID 2007-47: Commerce Bank, a US regional bank, hacked

SQL Injection

Leakage of Information

WHID 2007-38: Gentoo takes server offline due to security vulnerabilities

OS Commanding

SQL Injection

WHID 2007-37: United Nations VS SQL Injections

SQL Injection

Defacement

WHID 2007-30: Microsoft UK site defaced

SQL Injection

Defacement

WHID 2007-21: Belgian Defense Ministry site defaced by Turks

SQL Injection

Defacement

WHID 2007-20: Pirate Bay breach leaks database

SQL Injection

Leakage of Information

WHID 2007-18: Microsoft.com defaced

SQL Injection

Defacement

WHID 2007-12: SQL injection at knorr.de login page

SQL Injection

Cross Site Scripting (XSS)

Disclosure Only

WHID 2006-48: SQL Injection Used to Steal Information from "Life is Good"

SQL Injection

Disclosure Only

WHID 2006-3: Russian hackers broke into a RI GOV website

SQL Injection

WHID 2006-27: SQL Injection in incredibleindia.org

SQL Injection

Disclosure Only

WHID 2006-22: SQL injection in a banking application

SQL Injection

Disclosure Only

Latest Stories

WAFs are not perfect, but is any security tool perfect? (Feb 9th 2010)
Forrester estimates the WAF market to be $220M in 2010 (Feb 9th 2010)
ModSecurity exceptions for TYPO3 (Jan 20th 2010)
Presentation about WAFs in the cloud (Jan 15th 2010)
The curse of PCI for WAFs (Jan 11th 2010)
A New Year, a New Acronym (Jan 10th 2010)
A Remote Command Injection Vulnerability Applicure's dotDefender Site Management. (Dec 10th 2009)

Navigation

Subscribe:

Xiom is the place to find information about Web Application Firewalls (WAFs) including reviews, analysis, announcements and research. Tune to the RSS channel to get every bit of information or subscribe to the newsletter to receive only in depth articles.

Xiom also leasd and hosts the Web Hacking Incidents Database, a Web Application Security Consortium project aimed at maintaining a list of web applications related security incidents.

Xiom is a community web site lead by Ofer Shezaf.

WHID

The Web Hacking Incident Database

List of Web Hacking Incidents: SQL Injection

The Web Hacking Incidents Database

WAF Resources

Latest Stories

Navigation