funsec mailing list archives
Australia: XSS Flaw Makes PM Say: 'I want to suck your blood'
From: "Paul Ferguson" <fergdawg () netzero net>
Date: Tue, 9 Oct 2007 21:02:05 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Via ZDNet Australia. [snip] The Web sites of Australia's two major political parties contain cross-site scripting (XSS) flaws, which could be exploited to fraudulently acquire political donations, say security experts. A short line of script developed by a security enthusiast, Bsoric, causes the Liberal Party's Web site to read: "John Howard says: I want to suck your blood", while another script caused a window to pop up on the Labor Party's Web site, urging viewers to "Vote Liberal!" [snip] More: http://www.zdnet.com.au/news/software/soa/XSS-flaw-makes-PM-say-I-want-to-s uck-your-blood-/0,130061733,339282682,00.htm Nice. :-) And yes, it still works. :-) - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHC+xKq1pz9mNUZTMRAiY0AKCEPRAHMBF2NVv3l3lbnybTU5vo/QCg5ubE Z3JdEaijK/OtKq7FJClIl9U= =f5Hb -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Australia: XSS Flaw Makes PM Say: 'I want to suck your blood' Paul Ferguson (Oct 09)