Thursday, April 24, 2008

Netcraft: Clinton and Obama XSS Battle Develops

Via Netcraft.

While Clinton and Obama are battling it out in the political arena, security researchers are continuing to find vulnerabilities in the candidates' and supporters' websites. Interestingly, while a typical exploit is to redirect one party's site to their opponent's, the reasons for seeking to discover such vulnerabilities are not always politically motivated.

Following the recent cross-site scripting attacks against Barack Obama's website, Finnish security researcher Harry Sintonen has published an example of a cross-site scripting vulnerability on

Sintonen's example submits a POST request to the Vote Hillary website and injects an iframe, causing the site to display the contents of Barack Obama's website. Unlike the Obama incident, which redirected the user's web browser, Sintonen's method retains the URL in the address bar while displaying the opposing website.

More here.

Image source: Netcraft

