CEO of Bit Discovery, Professional Hacker, Black Belt in Brazilian Jiu-Jitsu, Off-Road Race Car Driver, Founder of WhiteHat Security, and Maui resident.
Wednesday, April 23, 2008
YES WE CAN - get XSSed
By now you’ve probably already seen that some prankster XSS’ed U.S. presidential candidate Barack Obama's community blog redirecting visitors to political rival Hillary Clinton. Fortunately, for whom I’m not quite sure, the hack wasn’t terribly malicious in nature as it could have easily been. The mind can easily wander about what could have been done. Hi-jack login sessions, usernames and passwords, disrupt donations are organization efforts, and possibly even monetize some of the traffic. Hello SE0Wn3D!!1. You know XSS has hit the mainstream when it reaches this level of visibility.
Posted by Jeremiah Grossman at 10:53 PM
Subscribe to: Post Comments (Atom)
Months ago I wondered why no one had attempted to, or was successful in finding any vulnerabilities on the presidential candidates' websites. I thought about doing something similar to what was done, but I don't support any political parties, and have no real stance on their issues. I also figured it would draw a lot of unwanted attention, which it seems to have indeed done in this situation.
Oh yea... I can't WAIT for online voting to become more "mainstream" and used... that way some unavlidated input on a form somwhere, and wham! You're voting for the AntiChrist... lovely huh?
Jeremy, vous etes geni,
Saw what you have done recently.
How can I get you interested in working on my product. Have asked the team to stop working on the security, This if for you.
We can collaborate, have fun, improve the world, and make tons along the way
Post a Comment