Wednesday, April 23, 2008

YES WE CAN - get XSSed

By now you’ve probably already seen that some prankster XSS’ed U.S. presidential candidate Barack Obama's community blog, redirecting visitors to political rival Hillary Clinton. Fortunately, for whom I’m not quite sure, the hack wasn’t terribly malicious in nature, as it could easily have been. The mind can easily wander about what could have been done: hijack login sessions, steal usernames and passwords, disrupt donation or organization efforts, and possibly even monetize some of the traffic. Hello SE0Wn3D!!1. You know XSS has hit the mainstream when it reaches this level of visibility.

4 comments:

Awesome AnDrEw said...

Months ago I wondered why no one had attempted to, or was successful in finding any vulnerabilities on the presidential candidates' websites. I thought about doing something similar to what was done, but I don't support any political parties, and have no real stance on their issues. I also figured it would draw a lot of unwanted attention, which it seems to have indeed done in this situation.

Rafal said...

Oh yea... I can't WAIT for online voting to become more "mainstream" and used... that way some unvalidated input on a form somewhere, and wham! You're voting for the AntiChrist... lovely huh?

Anonymous said...

As predicted:

http://www.blackhat.com/presentations/bh-dc-08/Friedrichs/Whitepaper/bh-dc-08-friedrichs-WP.pdf

Masood Nasser said...

Jeremy, you are a genius,
Saw what you have done recently.

How can I get you interested in working on my product? I have asked the team to stop working on the security. This is for you.

We can collaborate, have fun, improve the world, and make tons along the way

cheers
masood