Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Found: Possible Vector for Superbowl Websites Malicious JavaScript Insertion - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Found: Possible Vector for Superbowl Websites Malicious JavaScript Insertion
We've received information that the likely common vector for how the web sites were compromised appears to be through the use of Dreamweaver.

There is not a flaw in Dreamweaver that was exploited.  It was a case of lazy programming on the parts of site developers who did not do a good job of "input validation" so attackers were able to do "sql injection" attacks.
David

78 Posts

Sign Up for Free or Log In to start participating in the conversation!