
Obama's Site Hacked; Change Comes From XSS


Cross-site scripting flaw enabled embarrassing redirect

A cross-site scripting flaw exploited on the website of Illinois Senator and presidential hopeful Barack Obama caused visitors to the blog section to be redirected to rival Hillary Clinton's site.

On Saturday night, things were not all right for Obama's site visitors. Those who tried to visit the community section of those pages found themselves at an entirely unwanted destination - the website to elect Hillary Clinton to the Presidency.

A video on YouTube showed the redirection in action. Zennie Abraham, who runs a company called Sports Business Simulations, discovered the problem when trying to reach his blog on the Obama site.

"This is serious because it means Senator Clinton could also unethically poach donors from the Obama campaign via online website redirects like this," he wrote. "Terrible and unethical."

Abraham also pointed out the site had been developed by Blue State Digital, a design firm that has created numerous sites for Democratic candidates and like-minded people and businesses. A flaw in Obama's site could be present in others designed by the firm.

Someone identifying themselves as Mox from Liverpool, IL, claimed to be responsible for the attack on the Obama website. "All I did was exploit some poorly written HTML code," wrote Mox.

When a user creates a blog on Obama's site, the characters in the blog's name become part of the URL. If the application creating the blog does not sanitize them, the right characters in the name produce a cross-site scripting condition.

Mox's explanatory post ends abruptly, so it isn't known if the individual confessed to doing this in support of the Clinton candidacy or not. However, Mox claims the flaw has been fixed on the site.
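The flaw class described above, shown next to a hardened form, as an added example that is not code from the Obama site or from Blue State Digital. It assumes the blog name is used both as a URL path segment and as visible link text; the function names and the sample name are constructed for illustration.

```python
import html
import re
import unicodedata

MAX_SLUG_LEN = 60

# Constructed sample: a blog name carrying markup characters.
SAMPLE_NAME = 'Hope "><script>/*x*/</script>'


def render_blog_link_unsafe(blog_name: str) -> str:
    """The flawed pattern: the name is copied verbatim into URL and markup."""
    return f'<a href="/blog/{blog_name}">{blog_name}</a>'


def slugify(blog_name: str) -> str:
    """Build the URL segment from an allow-list (a-z, 0-9, '-') only."""
    # Fold accented letters to ASCII and drop what cannot be represented.
    folded = unicodedata.normalize("NFKD", blog_name)
    ascii_name = folded.encode("ascii", "ignore").decode("ascii")
    # Every run of characters outside the allow-list collapses to one '-'.
    slug = re.sub(r"[^a-z0-9]+", "-", ascii_name.lower()).strip("-")
    slug = slug[:MAX_SLUG_LEN].rstrip("-")
    if not slug:
        raise ValueError("blog name contains no usable characters")
    return slug


def render_blog_link(blog_name: str) -> str:
    """Hardened form: allow-listed slug in the URL, encoded name in the text."""
    slug = slugify(blog_name)
    # The slug is already safe; escaping it anyway keeps the output rule
    # uniform: nothing user-derived reaches the markup unencoded.
    href = html.escape(f"/blog/{slug}", quote=True)
    text = html.escape(blog_name, quote=True)
    return f'<a href="{href}">{text}</a>'


if __name__ == "__main__":
    print(render_blog_link_unsafe(SAMPLE_NAME))
    print(render_blog_link(SAMPLE_NAME))
```

The stored name is left untouched and encoded at output time, so the same record can be rendered safely in other contexts that need different encoding.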


About the author:
David Utter is a staff writer for WebProNews covering technology and business. Follow me on Twitter, and you can reach me via email at dutter @ webpronews dot com.

Comments

Obama Site Hack

Wouldn't this have been more useful if you had clearly explained the hack, or shown us precisely what not to do on our sites?

Clinton Hacker

Shame on you HRC! I'll never vote for you...

Terrible News

This is terrible news. Does anyone know how long this hack was in place for?

Sad...

It's sad that such easily preventable vulnerabilities are affecting high-profile sites like presidential candidate websites.

redirected

it's not that good for election campaign, 

http://www.imavista.com

This is bad..

This is terrible politics. I don't know if this is done with the consent of Mrs. Clinton. But whoever did this has caused more damage to Mrs. Clinton than good. :(

why does everything require consent of the candidate?

perhaps this person just did it to do it.

this isn't some bad tv movie where the candidate hires the hacker is it?

why do hackers do it, cause it can be done.

amen. what better place to

amen. what better place to direct it than obama's major opposition. this has nothing to do with hillary. personally i find it all pretty funny.
