Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Found: Possible Vector for Superbowl Websites Malicious JavaScript Insertion InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Found: Possible Vector for Superbowl Websites Malicious JavaScript Insertion

Published: 2007-02-07
Last Updated: 2007-02-07 21:41:45 UTC
by David Goldsmith (Version: 1)
0 comment(s)
We've received information that the likely common vector for how the web sites were compromised appears to be through the use of Dreamweaver.

There is not a flaw in Dreamweaver that was exploited.  It was a case of lazy programming on the parts of site developers who did not do a good job of "input validation" so attackers were able to do "sql injection" attacks.
Keywords:
0 comment(s)
Diary Archives