Cross-site scripting vulnerabilities see two political websites hacked

News by Dan Raywood

Political websites have been hacked over the past 24 hours to leave leaders with red faces.


A report on BBC News said that visitors to Spain's EU presidency website were greeted by an image of comedy character Mr Bean instead of the Spanish Prime Minister Jose Luis Rodriguez Zapatero.

The government said that the site - - had not been attacked and that a hacker had taken a screenshot of the homepage to make a photo montage using a cross-site scripting (XSS) vulnerability. Visitors found an image of Mr Bean complete with a benign smile and the words 'Hi there'.

Rik Ferguson, senior security advisor at Trend Micro, said that the compromise only lasted a few hours until the original content was restored and site administrators were reportedly working on a fix.

He said: “In this instance there does not appear to have been any malicious intent, but the dangers of XSS vulnerabilities should not be underestimated. Cross-site scripting vulnerabilities allow attackers to inject code into innocent web pages in which it would not otherwise appear.

“The real problem is that many website admins are unaware of the dangers, and even some security companies continue to underestimate and downplay the importance of XSS vulnerabilities and attacks.”
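An added illustration of the flaw class Ferguson describes, not code from the article or from either site: a hypothetical page handler that echoes a "name" query parameter unencoded, the reflected markup that results, and the same handler with output encoding applied. The URL, template and input are all constructed for the example.

```javascript
// Added example (not from the article): a reflected XSS flaw of the kind
// described above, beside the output-encoding fix. The page template and
// the "name" parameter are hypothetical; the request URL is constructed.

// Vulnerable: the query parameter is pasted straight into the HTML, so
// any markup carried in the URL becomes part of the page the visitor sees.
function renderVulnerable(requestUrl) {
  const name = new URL(requestUrl).searchParams.get("name") ?? "";
  return `<h1>Welcome, ${name}</h1>`;
}

// Encode the five characters that let text break out of an HTML text node
// or a double-quoted attribute value.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: same template, but the parameter is encoded at the point it is
// written into the page, so it renders as literal text, not as markup.
function renderHardened(requestUrl) {
  const name = new URL(requestUrl).searchParams.get("name") ?? "";
  return `<h1>Welcome, ${escapeHtml(name)}</h1>`;
}

// Defender's check: does the rendered body still contain the untrusted
// parameter value verbatim (i.e. with its "<" and ">" unencoded)?
function reflectsUnencoded(requestUrl, html) {
  const name = new URL(requestUrl).searchParams.get("name") ?? "";
  return name !== "" && html.includes(name);
}

// Constructed request: the "name" value is an image tag rather than a name,
// the kind of substitution that produced the montage described above.
const constructedUrl =
  "https://example.invalid/welcome?name=" + encodeURIComponent('<img src="montage.png">');

console.log(renderVulnerable(constructedUrl)); // tag survives into the page
console.log(renderHardened(constructedUrl));   // tag is shown as text
```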

Ferguson also flagged a compromise on the official website of President Ahmadinejad of Iran. He said that the site is currently hosting a file called 'owned.txt' at the URL, that reads: “Dear God, in 2009 you took my favourite singer – Michael Jackson, my favourite actress – Farrah Fawcett, my favourite actor – Patrick Swayze, my favourite voice – Neda. Please, please, don't forget my favourite politician – Ahmadinejad and my favourite dictator – Khamenei in the year 2010. Thank you.”

Ferguson said that no further details are yet available on how the compromise happened or who is responsible.
