Creative Coding Catches Presidential Hopeful Off-Guard

April 21, 2008 by JR Raphael | 2 comments

By JR Raphael
Contributing Writer, [GAS]

Cross-site scripting is being blamed for a campaign trail hack.

Someone took advantage of weak security to redirect visitors from barackobama.com’s “Community Blogs” section to rival Hillary Clinton’s home page over the weekend.

A user identifying himself as “Mox” claims credit for the move in a post written just before midnight on Obama’s forum:

“I am the one who ‘hacked’ Obama’s site,” he writes. “All I did was exploit some poorly written HTML code.”

Cross-site scripting (or XSS) vulnerabilities let black hats insert their own code into exposed pages, where it runs in the browsers of other visitors. Obama’s site allowed users to write blog entries that could contain JavaScript code, which can be used to create a redirect effect like the one used this weekend.

While that specific hack has been undone, a videotape of the modified page has now surfaced on YouTube showing the effect the site suffered.

Cross-site scripting archive XSSed.com also claims Obama’s site has more vulnerabilities and could easily be attacked again, even leading to spyware infections on visitors’ computers.
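
The weakness described above, blog entries that could carry JavaScript, is closed on the server by rebuilding each entry from an allowlist of formatting tags and escaping everything else. The following is an added example, not code from the site or the original article; the tag list, the `sanitize_entry` name and the sample entry are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for this example: the only tags a blog entry may keep.
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "blockquote", "code"}
DROP_WITH_CONTENT = {"script", "style"}  # element and everything inside it is discarded

def safe_href(value):
    # Return the link only if it is a plain http(s) URL, else None.
    try:
        return value if value and urlsplit(value).scheme in ("http", "https") else None
    except ValueError:  # malformed URL
        return None

class EntrySanitizer(HTMLParser):
    """Rebuild an entry from allowlisted tags (attributes dropped) and escaped text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth = [], 0  # skip_depth > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        elif self.skip_depth == 0 and tag in ALLOWED_TAGS:
            # Event handlers, style, etc. never reach the output; <a> may keep a vetted href.
            href = safe_href(dict(attrs).get("href")) if tag == "a" else None
            if href:
                self.out.append('<a href="%s" rel="nofollow">' % escape(href, quote=True))
            else:
                self.out.append("<%s>" % tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif self.skip_depth == 0 and tag in ALLOWED_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if self.skip_depth == 0:
            self.out.append(escape(data))  # text can never become markup

def sanitize_entry(raw):
    parser = EntrySanitizer()
    parser.feed(raw)
    parser.close()
    return "".join(parser.out)

# Constructed sample entry: an event handler, a script redirect, a javascript: link.
SAMPLE = ('<p onmouseover="x()">Hello <b>world</b></p>'
          '<script>location.href="https://example.org/"</script>'
          '<a href="javascript:x()">a</a> <a href="https://example.com/page">b</a>')
```

Calling `sanitize_entry(SAMPLE)` keeps the paragraph, the bold text and the https link, and drops the handler, the script block and the `javascript:` target.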


2 Comments »

Comment by Mackenzie
2008-04-21 12:54:39

He couldn’t have just reported it instead of being an ass? I found a SQL injection vuln in Hillary’s site in December, but I passed the info on to someone I knew could get it up the chain of command to have it fixed. And yes, it was fixed.

 
Comment by Jesmond Darmanin
2008-04-22 06:46:48

I hope they will be able to fix up the vulnerabilities soon! They do need to invest in some proper vulnerability scanning software!

 