Thursday, April 24, 2008

Netcraft: Clinton and Obama XSS Battle Develops



Via Netcraft.

While Clinton and Obama are battling it out in the political arena, security researchers are continuing to find vulnerabilities in the candidates' and supporters' websites. Interestingly, while a typical exploit is to redirect one party's site to their opponent's, the reasons for seeking to discover such vulnerabilities are not always politically motivated.

Following the recent cross-site scripting attacks against Barack Obama's website, Finnish security researcher Harry Sintonen has published an example of a cross-site scripting vulnerability on votehillary.org.

Sintonen's example submits a POST request to the Vote Hillary website and injects an iframe, causing the site to display the contents of Barack Obama's website. Unlike the Obama incident, which redirected the user's web browser, Sintonen's method retains the votehillary.org URL in the address bar while displaying the opposing website.

More here.

Image source: Netcraft
