funsec mailing list archives

Australia: XSS Flaw Makes PM Say: 'I want to suck your blood'


From: "Paul Ferguson" <fergdawg () netzero net>
Date: Tue, 9 Oct 2007 21:02:05 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via ZDNet Australia.

[snip]

The Web sites of Australia's two major political parties contain cross-site
scripting (XSS) flaws, which could be exploited to fraudulently acquire
political donations, say security experts.

A short line of script developed by a security enthusiast, Bsoric, causes
the Liberal Party's Web site to read: "John Howard says: I want to suck
your blood", while another script caused a window to pop up on the Labor
Party's Web site, urging viewers to "Vote Liberal!"

[snip]

More:
http://www.zdnet.com.au/news/software/soa/XSS-flaw-makes-PM-say-I-want-to-suck-your-blood-/0,130061733,339282682,00.htm

Nice. :-)

And yes, it still works. :-)

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHC+xKq1pz9mNUZTMRAiY0AKCEPRAHMBF2NVv3l3lbnybTU5vo/QCg5ubE
Z3JdEaijK/OtKq7FJClIl9U=
=f5Hb
-----END PGP SIGNATURE-----




--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

