Obama site hacked; Redirected to Hillary Clinton


With a day to go before a critical Pennsylvania Democratic primary, Barack Obama's team has been busy patching security holes.

According to Netcraft, a hacker exploited security flaws in Obama's site to redirect traffic to Hillary Clinton's site. Anyone who visited the community blogs section of Obama's site was sent to Clinton's.

Someone named Mox confessed to the hack in an Obama community blog:

First, let me explain why I put hacked in quotation marks. It is because what I did was not hacking in the sense that I burrowed into some dusty server and changed the Obama site and stole all your credit card numbers. All I did was exploit some poorly written HTML code.

So, you may be wondering, I never saw this hacking! Well, apparently someone videotaped it. http://youtube.com/watch?v=NKjomr1Afq0. You may also be wondering, how did you get Hillary's site to appear where Obama's should be? The answer to that is, through the magical world of Cross Site Scripting. http://en.wikipedia.org/wiki/Cross-site_scripting.

You might be wondering, how did you get XSS to work here? First, go to your manage blog tab. Then go to Edit Settings. You see how you can put anything you want as a blog URL? Well, it's fixed now, but before you could put in any characters you wanted. Including >, ", and

Here's the demonstration via YouTube. Also see XSSed and Computerworld.
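The flaw described in the confession, a blog URL setting that accepted characters such as `>` and `"`, is shown below as an added example that is not code from the campaign site or from the original article. All function names are hypothetical, and it assumes the stored URL was written into an HTML attribute; the "before" renderer sits beside a version that validates the URL on save and encodes it on output.

```javascript
// Added example: hypothetical blog-settings handling, not the campaign site's code.

// HTML-encode the characters that can end an attribute value or open a tag.
function escapeAttr(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// "Before": the stored blog URL is pasted into the attribute as-is
// (assumed output context; the page does not show the site's markup).
function renderBlogLinkUnsafe(blogUrl) {
  return `<a href="${blogUrl}">My blog</a>`;
}

// Input validation: accept only absolute http(s) URLs, return null otherwise.
function validateBlogUrl(input) {
  if (typeof input !== 'string' || input.length > 2048) return null;
  if (/[\s<>"'`\\]/.test(input)) return null; // never valid unencoded in a URL
  let parsed;
  try { parsed = new URL(input); } catch { return null; }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return null;
  return parsed.href;
}

// "After": validate the setting, and still encode it when writing it out.
function renderBlogLinkSafe(blogUrl) {
  const clean = validateBlogUrl(blogUrl);
  if (clean === null) return '<span>(no blog URL set)</span>';
  return `<a href="${escapeAttr(clean)}">My blog</a>`;
}

// Constructed sample inputs (benign marker markup only).
const samples = [
  'https://example.org/blog/alice?a=1&b=2',
  'https://example.org/"><b>injected</b>',
  'javascript:void(0)',
];
for (const s of samples) {
  console.log('input :', s);
  console.log('unsafe:', renderBlogLinkUnsafe(s));
  console.log('safe  :', renderBlogLinkSafe(s));
}
```

The second sample closes the attribute in the unsafe output and its markup becomes part of the page, while the safe renderer rejects it; the third shows why the scheme check is needed even when no special characters are present.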

Topics: Security, Browser

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN...
