A cross-site scripting flaw exploited on the website of Illinois Senator and presidential hopeful Barack Obama caused visitors to the blog section to be redirected to rival Hillary Clinton’s site.
On Saturday night, things were not all right for Obama’s site visitors. Those who tried to visit the community section of those pages found themselves at an entirely unwanted destination – the website to elect Hillary Clinton to the Presidency.
A video on YouTube showed the redirection in action. Zennie Abraham, who runs a company called Sports Business Simulations, discovered the problem when trying to reach his blog on the Obama site.
“This is serious because it means Senator Clinton could also unethically poach donors from the Obama campaign via online website redirects like this,” he wrote. “Terrible and unethical.”
Abraham also pointed out the site had been developed by Blue State Digital, a design firm that has created numerous sites for Democratic candidates and like-minded people and businesses. A flaw in Obama’s site could be present in others designed by the firm.
Someone identifying themselves as Mox from Liverpool, IL, claimed to be responsible for the attack on the Obama website. “All I did was exploit some poorly written HTML code,” wrote Mox.
Characters placed in a blog’s name when it is created on Obama’s site become part of the URL. If the application creating the blog does not sanitize them, the right characters produce a cross-site scripting condition.
Mox’s explanatory post ends abruptly, so it isn’t known if the individual confessed to doing this in support of the Clinton candidacy or not. However, Mox claims the flaw has been fixed on the site.
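The class of flaw described above, a user-chosen blog name flowing unsanitized into a URL and page markup, is shown here beside a hardened form. This is an added example, not code from the Obama site or Blue State Digital; the function names, the `/blog/` path and the sample name are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import quote

_NOT_SLUG = re.compile(r"[^a-z0-9]+")


def render_link_unsafe(blog_name):
    # "Before": the name is pasted into the URL and the markup unchanged,
    # so quotes and angle brackets in it are parsed as HTML by the browser.
    return '<a href="/blog/' + blog_name + '">' + blog_name + "</a>"


def make_slug(blog_name):
    # Allow-list for the URL part: lowercase letters and digits only,
    # every other run of characters collapses to a single hyphen.
    slug = _NOT_SLUG.sub("-", blog_name.lower()).strip("-")[:64].rstrip("-")
    if not slug:
        raise ValueError("blog name contains no usable characters")
    return slug


def render_link_safe(blog_name):
    # "After": the URL is built from the slug, and both the attribute value
    # and the visible text are HTML-encoded at output time.
    href = "/blog/" + quote(make_slug(blog_name), safe="")
    return '<a href="{}">{}</a>'.format(
        html.escape(href, quote=True), html.escape(blog_name, quote=True)
    )


# Constructed sample input: a blog name containing markup characters.
SAMPLE_NAME = 'News"><b>injected</b>'

if __name__ == "__main__":
    print(render_link_unsafe(SAMPLE_NAME))
    print(render_link_safe(SAMPLE_NAME))
```

The slug allow-list protects the URL, and the output encoding protects the page even if a display name with markup characters is already stored.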