Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Found: Possible Vector for Superbowl Websites Malicious JavaScript Insertion

Published: 2007-02-07
Last Updated: 2007-02-07 21:41:45 UTC
by David Goldsmith (Version: 1)
0 comment(s)
We've received information that the likely common vector for how the web sites were compromised appears to be through the use of Dreamweaver.

There is not a flaw in Dreamweaver that was exploited.  It was a case of lazy programming on the parts of site developers who did not do a good job of "input validation" so attackers were able to do "sql injection" attacks.
0 comment(s)
Diary Archives