Tuesday, December 14, 2010

New XSS on Barack Obama website







Proof of concept:

http://my.barackobama.com/page/content/change_email?cons_id=1007850763&email1=XSS

http://my.barackobama.com/page/content/change_email?cons_id=1007850763&email1=Redirect


http://speakout.barackobama.com/p/dia/action/public/?action_KEY=155&Source=20101209_ms_dadt_da&Zip=XSS

See also my old post: Obama website XSS Defacement
