The president should better protect his virtual property

Sep 21, 2011 06:51 GMT  ·  By

The website of the one known as the most powerful man in the world contains major XSS vulnerabilities that can be exploited by hackers who aren't so friendly.

The flaw was announced by someone with higher moral standards, who immediately alerted the site's webmasters, but it could have just as easily been discovered by an enemy of the White House, who could have infected the site with all sorts of malicious code.

This is not the first time the official website of Obama has turned out to be vulnerable. According to Acunetix, it was also hacked about a year ago, but that time the cybercriminals wore black hats and took it over.

Vulnerability Lab is an organization that reveals weak links in popular sites. They were the ones to make public, after the problem was resolved, the fact that the U.S. president's personal page was at risk.

As their report details, an attacker who wanted to profit from this “can form malicious requests which pass through the backend (not parsed!) & can be displayed as outgoing [email protected] mail. Attackers can hijack (steal) backend sessions of the portal users/admins & can send malicious mails by the original postbox.”

This means that anyone could have received emails from the president himself. Now that's what I would call a spam message to frame and hang on the wall.

Cross-site scripting (XSS) vulnerabilities allow an attacker to inject malicious scripts into dynamic web pages; the injected script then runs in the browser of every user who views the affected page, where it can be used to gather information from that user.

The security risk was rated high, and the recommended precaution is to use a web vulnerability scanner so that such flaws are found before someone unfriendly finds them.

The fix proposed by the vulnerability experts consists of restricting what the username and email fields accept and patching the output sections where that data is displayed, so that stored values are rendered as plain text rather than as live markup.
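As an added illustration (not code from the article or from the Vulnerability Lab report), the two halves of that fix in Python: allowlist validation of the username and email fields on the input side, and HTML encoding where those values are rendered. The field names, regexes and the hostile sample value are constructed for the example.

```python
import html
import re

# Constructed example: a profile form whose "username" and "email" values are
# later rendered into HTML (a backend listing or an outgoing mail template).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def validate_profile(username: str, email: str) -> tuple:
    """Input side: allowlist validation. Anything that is not a plausible
    username or e-mail address is rejected before it can be stored."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("invalid email")
    return (username, email)


def render_vulnerable(username: str, email: str) -> str:
    """Output side, unencoded: stored data is echoed into the page verbatim,
    so any markup inside it becomes part of the page (the bug class here)."""
    return f"<p>From: {username} ({email})</p>"


def render_safe(username: str, email: str) -> str:
    """Output side, encoded: html.escape turns < > & \" ' into entities, so
    the browser shows the value as text and never interprets it as a tag."""
    return f"<p>From: {html.escape(username)} ({html.escape(email)})</p>"


# Constructed hostile field content (not taken from the report).
HOSTILE_NAME = "<script>alert('xss')</script>"


def demo() -> dict:
    results = {}
    # 1. The input-side check rejects the hostile value outright.
    try:
        validate_profile(HOSTILE_NAME, "user@example.com")
        results["validated"] = True
    except ValueError:
        results["validated"] = False
    # 2. If such a value reached the output side anyway (e.g. stored before
    #    the fix), encoding still keeps the script tag from being live markup.
    results["vulnerable_has_tag"] = "<script>" in render_vulnerable(HOSTILE_NAME, "user@example.com")
    results["safe_has_tag"] = "<script>" in render_safe(HOSTILE_NAME, "user@example.com")
    return results


if __name__ == "__main__":
    print(demo())
```

Both layers matter: validation stops new bad data at the door, while output encoding protects against anything already in the database or arriving through another path.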