Creative Coding Catches Presidential Hopeful Off-Guard

By JR Raphael
Contributing Writer, [GAS]

Cross-site scripting is being blamed for a campaign trail hack.

Someone took advantage of weak security to redirect visitors from barackobama.com’s “Community Blogs” section to rival Hillary Clinton’s home page over the weekend.

A user identifying himself as “Mox” claims credit for the move in a post written just before midnight on Obama’s forum:

“I am the one who ‘hacked’ Obama’s site,” he writes. “All I did was exploit some poorly written HTML code.”

Cross-site scripting (or XSS) vulnerabilities let black hats insert their own code into vulnerable pages. Obama’s site allowed users to write blog entries that could contain JavaScript code. That can be used to create a redirect effect like the one seen this weekend.
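To show the defensive side of the flaw described above, here is an added example (not code from barackobama.com or from the original article) that renders a user-written blog entry with and without output encoding. The function names, the sample entry and the `example.invalid` URL are constructed for illustration.

```javascript
// Added example: constructed data, hypothetical function names.

// Characters that let text break out of an HTML text node or a quoted attribute.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": user text is concatenated into the page as markup,
// so any <script> in a blog entry runs in every reader's browser.
function renderEntryUnsafe(entry) {
  return `<article><h2>${entry.title}</h2><div class="body">${entry.body}</div></article>`;
}

// "After": every user-controlled field is encoded for the HTML context it lands in.
function renderEntrySafe(entry) {
  return `<article><h2>${escapeHtml(entry.title)}</h2>` +
         `<div class="body">${escapeHtml(entry.body)}</div></article>`;
}

// Defence in depth: without 'unsafe-inline', this policy makes the browser
// refuse inline <script> blocks even if an encoding step is missed somewhere.
function securityHeaders() {
  return {
    "Content-Security-Policy":
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
  };
}

// Regression check for a test suite: does rendered output still contain
// a live script element or an inline event-handler attribute?
function containsActiveScript(html) {
  return /<script\b/i.test(html) || /<[^>]+\son\w+\s*=/i.test(html);
}

// Constructed blog entry carrying a redirect of the kind the article describes.
const entry = {
  title: "My weekend <canvassing>",
  body: 'Great turnout! <script>location.href="https://example.invalid/"</script>',
};

console.log("unsafe output is active:", containsActiveScript(renderEntryUnsafe(entry)));
console.log("safe output is active:  ", containsActiveScript(renderEntrySafe(entry)));
console.log(renderEntrySafe(entry));
console.log(securityHeaders());
```

A blog that must accept some formatting from users needs an allow-list HTML sanitizer rather than plain escaping; the encoding shown here is for fields meant to be displayed as text.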

While that specific hack has been undone, a videotape of the modified page has now surfaced on YouTube showing the effect the site suffered.

Cross-site scripting site XSSed.com also claims Obama’s site has more vulnerabilities and could easily be attacked again, with attacks possibly even leading to spyware infections on visitors’ computers.

2 Responses to Creative Coding Catches Presidential Hopeful Off-Guard

  1. He couldn't have just reported it instead of being an ass? I found a SQL injection vuln in Hillary's site in December, but I passed the info on to someone I knew could get it up the chain of command to have it fixed. And yes, it was fixed.
