Slashdot Mirror

← Back to Stories (view on slashdot.org)

Campaign Sites Full of Vulnerabilities

Posted by Hemos on from the not-surprising dept.

An anonymous reader writes "Bloggers have been buzzing about the new wave of "Web 2.0" campaign sites, but it seems that a lot of presidential candidates haven't bothered to protect themselves from cross-site scripting attacks. A blogger has found a collection of XSS vulnerabilities including the websites of Barack Obama, Joe Biden, John Edwards, Mitt Romney, John Cox, Newt Gingrich, Tom Tancredo, the Democratic National Committee, and even a surprise from Whitehouse.gov. Some of the holes are low-risk, but others would allow a user's accounts on the affected website to be compromised. A victim would simply have to click on a maliciously crafted link that appears to lead to the candidate's site."

3 of 36 comments (clear)

  1. I dare someone by ReidMaynard · · Score: 3, Funny

    I dare someone to photoshop moustashes on the candidates pics....

    --
    -- www.globaltics.net

    Political discussion for a new world

  2. Re:There are a lot of things that can be done by Spazntwich · · Score: 2, Funny

    This plan sounds about as effective as protecting your website's content by disabling right-click with javascript.

  3. Could be worse by greg1104 · · Score: 2, Funny

    This is nothing compared to all the holes and open ports I found last time I was at the whitehouse.com site.