Creative Coding Catches Presidential Hopeful Off-Guard

By JR Raphael
Contributing Writer, [GAS]

Cross-site scripting is being blamed for a campaign trail hack.

Someone took advantage of weak security to redirect visitors from barackobama.com’s “Community Blogs” section to rival Hillary Clinton’s home page over the weekend.

A user identifying himself as “Mox” claims credit for the move in a post written just before midnight on Obama’s forum:

“I am the one who ‘hacked’ Obama’s site,” he writes. “All I did was exploit some poorly written HTML code.”

Cross-site scripting (or XSS) vulnerabilities let black hats insert their own code into exposed pages. Obama’s site allowed users to write blog entries that could contain JavaScript code, which then runs in the browser of anyone who views the entry. That can be used to create a redirect effect like the one used this weekend.
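The defense against the flaw described above is to encode user-submitted text before it is placed into the page. The following is an added example, not code from barackobama.com or from the original article; the function names and the sample blog entry are constructed for illustration.

```javascript
// Added example: rendering a user-submitted blog entry.
// All names and the sample entry below are constructed for illustration.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode every character that can open a tag, an attribute value or an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak pattern: author-supplied text is pasted into the page as markup,
// so a <script> element in the entry runs for every visitor.
function renderEntryUnsafe(entry) {
  return `<article><h2>${entry.title}</h2><div>${entry.body}</div></article>`;
}

// Corrected pattern: author-supplied text is encoded and shown as plain text.
// Blank lines become paragraph breaks; the only markup is what this code emits.
function renderEntrySafe(entry) {
  const paragraphs = String(entry.body)
    .split(/\r?\n\s*\r?\n/)
    .map((p) => `<p>${escapeHtml(p.trim())}</p>`)
    .join("");
  return `<article><h2>${escapeHtml(entry.title)}</h2>${paragraphs}</article>`;
}

// Rough check for this demo (not a sanitizer): does the rendered HTML contain
// a live script element or an inline event-handler attribute?
function hasActiveContent(html) {
  return /<script\b/i.test(html) || /<[^>]+\son\w+\s*=/i.test(html);
}

// Constructed sample: a blog entry whose body carries a redirect script.
const sampleEntry = {
  title: "My weekend on the trail",
  body: 'Great rally!\n\n<script>location.replace("https://example.invalid/")</script>',
};

console.log("unsafe render is active:", hasActiveContent(renderEntryUnsafe(sampleEntry)));
console.log("safe render is active:  ", hasActiveContent(renderEntrySafe(sampleEntry)));
```

With the encoded version, the script text appears on the page as visible characters instead of executing.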

While that specific hack has been undone, a video of the modified page has now surfaced on YouTube, showing the effect the site suffered.

Cross-site scripting site XSSed.com also claims Obama’s site has more vulnerabilities and could easily be attacked again, even leading to spyware infections on visitors’ computers.