Sunday, October 31, 2010

Obama website XSS Defacement

Barack Obama website vulnerable to cross-site scripting, redirect and HTML injection

PoC:
http://my.barackobama.com/page/content/benefitsofreform?state=WI&email=XSS

http://my.barackobama.com/page/spud?type=getm&field=firstname,lastname,email,zip&jsonp=Redirect


http://my.barackobama.com/page/content/benefitsofreform?state=WI&email=HTML
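The three PoC URLs above reflect request parameters (`state`, `email`) into the page and a `jsonp` callback name into a script response. As an added example that is not code from the site or from the original post, here is how a defender would close both holes and triage them in access logs: HTML-escape every reflected value, restrict the JSONP callback to a plain JavaScript identifier, and flag request URLs whose parameters carry markup or a non-identifier callback. The handler names and the log URLs are assumptions constructed for the example.

```python
import html
import re
from urllib.parse import urlparse, parse_qs

# A JSONP callback must be a plain identifier, optionally dotted (e.g. "cb" or "app.cb").
# Quotes, parentheses or angle brackets are rejected so the script response can only ever
# call a function by name and never carry attacker-chosen code.
CALLBACK_RE = re.compile(r"^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$")


def safe_callback(name, default="callback"):
    """Return the callback name if it is a plain JS identifier, otherwise a fixed default."""
    return name if name and CALLBACK_RE.fullmatch(name) else default


def render_benefits_page(state, email):
    """Render a fragment like /page/content/benefitsofreform, escaping every reflected value
    (hypothetical handler; the real page's template is not shown in the post)."""
    return "<p>Benefits of reform for {}. We will write to {}.</p>".format(
        html.escape(state, quote=True), html.escape(email, quote=True))


def render_jsonp(callback, payload_json):
    """Wrap an already-serialised JSON document in the validated callback, like /page/spud
    should (hypothetical handler). The real response must also be served as a script type."""
    return "/**/ {}({});".format(safe_callback(callback), payload_json)


def audit_url(url):
    """Triage helper for access logs: return (param, reason) findings for request URLs whose
    reflected parameters contain markup characters or whose jsonp callback is not an identifier."""
    query = parse_qs(urlparse(url).query, keep_blank_values=True)
    findings = []
    for param, values in query.items():
        for value in values:
            if param == "jsonp" and not CALLBACK_RE.fullmatch(value):
                findings.append((param, "callback is not a plain identifier"))
            elif re.search(r"[<>\"']", value):
                findings.append((param, "reflected value contains markup characters"))
    return findings


if __name__ == "__main__":
    # Constructed sample log URLs: the first two mirror the PoC shape with harmless placeholders.
    for sample in ("http://my.barackobama.com/page/content/benefitsofreform?state=WI&email=XSS",
                   "http://my.barackobama.com/page/spud?type=getm&jsonp=Redirect",
                   "http://example.invalid/page/content/benefitsofreform?state=WI&email=<b>x</b>"):
        print(sample, audit_url(sample))
```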

Note: This is only a proof of concept and it doesn't reflect the views or interests of the above site!

Mirror: http://www.xssed.com

1 comment:

thetestmanager said...

Talking of barackobama.com

Wonder if a Dev is using the site to gain SEO for their own domain?

fdb.barackobama.com - Redirect?