Threat Center Security News Pwnd by Hillary?
Pwnd by Hillary? Print
Written by Rebecca Mints   
Sunday, 20 April 2008 18:00

Recently a hacker took advantage of a vulnerability in Barack Obama's website that, when users attempted to visit his site, they would be redirected to Hillary Clinton's website. The exploitation would occur when users were trying to view the Community Blogs section of senator's Obama's site and took advantage of an XSS vulnerability.


Someone going by the monicker "Mox" has come forward and taken responsibility for the attack on Obama's website. The hacker from Liverpool, IL posted in the Community Blogs section of Obama's site on Sunday, 4/20. The post read "I am the one who "hacked" Obamas site." The hacker tried to downplay the effort put into it by stating that he just exploited some poorly written HTML code, but then went on to suggest in was an XSS vulnerability that he took advantage of. JavaScript could be injected into pages in the Community Blogs section by letting users enter characters such as > and " and this would then lead to later users executing the the JavaScript.


There is a video on YouTube that displays the attack. On the clip you'll see a user clicking on Community Blog section of Obama's site and then they are redirected to Clinton's site. Zennie62, the creator of the YouTube clip, suggests that "Senator Clinton's staffers possibly hired someone to hack into the Barack Obama website system," but as of yet there is no evidence to substantiate that claim.


According to Mox the vulnerability he exploited has been plugged, but he also states that there are other vulnerabilities on Obama's site that have been identified and are still susceptible to attack. These holes have been listed on xssed.com it's noted that these holes could lead to ways to infect Obama's supporters and site visitors with malware, adware, and spyware.



REFERENCES:
Netcraft
Hacker Redirects Barack Obama's site to hillaryclinton.com

 

WTW Threat Level