More Political "Pranks": Obama Website Hacked

Got this from ChannelWeb, “Obama Website Hacked: Users Redirected to Clinton Campaign.” Here are some details:

The attack, which took advantage of a cross site scripting vulnerability on Obama’s Website, was launched on the eve of Pennsylvania’s Democratic National Primary, which closes this evening. The attack was detected quickly Monday evening and shut down shortly thereafter.

While details of the prank are still unclear, experts say they believe the attacker took advantage of parts of the Obama campaign site, such as community blog postings and political forums, which allow users to post extensive and varied content.

When a user contributes to an online discussion board, the text is stored in a database, and is then rendered onto the Web browser windows of the users visiting the site. However, instead of posting legitimate text to the Website, the attacker posted actual code. When users visited Obama’s site and viewed the corresponding post, the Web browser executed the corresponding source code which it tried to interpret.

In this case, the attacker posted common HTML code that enabled the person trying to view the post to be immediately redirected to Hillary Clinton’s Web site.

Update: Here’s the same story, but from the Washington Post computer security blog.