
Obama’s Site Hacked; Change Comes From XSS

Cross-site scripting flaw enabled embarrassing redirect


A cross-site scripting flaw exploited on the website of Illinois Senator and presidential hopeful Barack Obama caused visitors to the blog section to be redirected to rival Hillary Clinton’s site.

On Saturday night, things were not all right for Obama’s site visitors. Those who tried to visit the community section of those pages found themselves at an entirely unwanted destination – the website to elect Hillary Clinton to the Presidency.

A video on YouTube showed the redirection in action. Zennie Abraham, who runs a company called Sports Business Simulations, discovered the problem when trying to reach his blog on the Obama site.

“This is serious because it means Senator Clinton could also unethically poach donors from the Obama campaign via online website redirects like this,” he wrote. “Terrible and unethical.”

Abraham also pointed out the site had been developed by Blue State Digital, a design firm that has created numerous sites for Democratic candidates and like-minded people and businesses. A flaw in Obama’s site could be present in others designed by the firm.

Someone identifying themselves as Mox from Liverpool, IL, claimed to be responsible for the attack on the Obama website. “All I did was exploit some poorly written HTML code,” wrote Mox.

Characters placed in a blog’s name when creating it on Obama’s site become part of the blog’s URL. With the right characters in the name, and no sanitization by the application that creates the blog, a cross-site scripting condition results.

Mox’s explanatory post ends abruptly, so it isn’t known if the individual confessed to doing this in support of the Clinton candidacy or not. However, Mox claims the flaw has been fixed on the site.
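
The blog-name handling described above, as an added example that is not code from the Obama site or its developers: a link renderer that concatenates the raw name, beside one that allowlists the URL slug and HTML-escapes the display text. The function names, the `/blog/` path and the sample name are assumptions constructed for illustration; the article does not say how the site was actually fixed.

```javascript
// Added example: a user-chosen blog name ends up in a URL and in page HTML.
// All names and the /blog/ path are hypothetical.

// Vulnerable pattern: the raw name is concatenated into the URL and the markup,
// so a quote or angle bracket in the name closes the attribute or opens a tag.
function renderBlogLinkUnsafe(blogName) {
  return '<a href="/blog/' + blogName + '">' + blogName + '</a>';
}

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Allowlist slug for the URL path: lowercase letters, digits and hyphens only.
function slugify(blogName) {
  const slug = String(blogName)
    .toLowerCase()
    .replace(/[^a-z0-9]+/g, '-')   // every run of other characters becomes one hyphen
    .slice(0, 64)                  // bound the path segment length
    .replace(/^-+|-+$/g, '');      // no leading or trailing hyphen
  if (slug === '') throw new Error('blog name has no usable characters');
  return slug;
}

// Hardened: allowlisted slug in the path, HTML-escaped name in the link text.
function renderBlogLinkSafe(blogName) {
  const slug = slugify(blogName);
  return '<a href="/blog/' + encodeURIComponent(slug) + '">' + escapeHtml(blogName) + '</a>';
}

// Constructed sample input: a blog name carrying markup characters.
const sampleName = 'Change"><script>/* constructed */</script>';
console.log(renderBlogLinkUnsafe(sampleName)); // markup from the name reaches the page
console.log(renderBlogLinkSafe(sampleName));   // name is inert text, URL is a plain slug
```

Rejecting names that reduce to an empty slug at creation time keeps the check in the application that creates the blog, which is where the article locates the missing sanitization.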

  • http://www.naughtynoe.com Naughty

    This is terrible politics. I don’t know if this is done with the consent of Mrs. Clinton. But whoever did this has caused more damage to Mrs. Clinton than good. :(

    • Guest

      perhaps this person just did it to do it.

      this isn’t some bad tv movie where the candidate hires the hacker is it?

      why do hackers do it, cause it can be done.

      • Guest

        amen. what better place to direct it than obama’s major opposition. this has nothing to do with hillary. personally i find it all pretty funny.

  • http://www.tabletennisdb.com arthur

    It’s sad that such easily preventable vulnerabilities are affecting high-profile sites like presidential candidate websites.

  • http://pyrmontvillage.com.au/ Pyrmont

    This is terrible news. Does anyone know how long this hack was in place for?

  • Beautiful

    Shame on you HRC! I’ll never vote for you…

  • http://www.SoyLaCalle.com Gary

    Wouldn’t this have been more useful if you had clearly explained the hack, or shown us precisely what not to do on our sites?

  • http://www.seochampion.com/seoblog Guest

    I guess Obama has good SEO and SEM guys, but he needs to find the best hacker out there to stop the hacking.

     

    I am not a hacker, but I follow the news.