http://www.liberal.org.au/
http://www.alp.org.au/

And just in time for the elections, too.



Edited 4 time(s). Last edit at 10/11/2007 04:35AM by bsoric.

Awesome find!

Might be time to create some fake official bulletins and generate some hilarity.

Perhaps pointing out the fact that the sites probably cost taxpayers hundreds of thousands of dollars..

I submitted a link to the Chaser's guestbook, but it got moderated out
:(



Edited 1 time(s). Last edit at 10/11/2007 04:35AM by bsoric.

The liberals caught on and fixed their vulnerability.



Edited 1 time(s). Last edit at 10/11/2007 04:35AM by bsoric.

appears to be fixed after this mornings defacement. perhaps try the cold fusion referrer xss trick i discovered.

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

http://www.news.com.au/story/0,23599,22561539-5012863,00.html

Quote
http://www.news.com.au/story/0,23599,22561539-5012863,00.html
Do you know the hacker? Do you know of other examples? Email us at news@news.com.au with reports, tip-offs, and pictures or SMS / MMS 0429 300 245

----------------------------------------------------------
Don't forget our IRC: irc://irc.irchighway.net/#slackers
[kuza55.blogspot.com]

EDIT: another story
http://www.australianit.news.com.au/story/0,24897,22561869-15306,00.html

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'



Edited 3 time(s). Last edit at 10/10/2007 05:45AM by digi7al64.

Whoa. I came back to this thread after my other website told me someone had searched for "Sla.ckers xss bsoric".
I'm shocked that it was interesting enough for them to report it in the news.



Edited 1 time(s). Last edit at 10/11/2007 04:36AM by bsoric.

http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://www.alp.org.au/action/enews/index.php&task=fast_signup&email=%22%3E%3Cscript%3Ealert('Do%20not%20vote%20for%20us%20for%20we%20have%20major%20security%20issues')%3C/script%3E&x=21&y=14

:)

Edit: http://www.vic.liberal.org.au/default.cfm?action=people&type=%3Cimg%20src=asd%20onError=alert(/SpywareForPresident!/)%3E



Edited 1 time(s). Last edit at 10/10/2007 02:36PM by Spyware.

http://www.zdnet.com.au/news/software/soa/Howard-hacker-off-the-hook-AFP/0,130061733,339282738,00.htm?feed=rss

Quote

AFP agent Nigel Phair -- who earlier this week said Australian organisations tend to "sweep security breaches under the carpet" -- defined hacking as "gaining unauthorised access to a computer or computer network".

\0/

basically this means [and my interpretation is] reflective xss does not consitute hacking in Australia

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

@digi7al64:

I had a read of the cybercrime act a while back, and iirc, it also includes unauthorised access to data, so while I think testing for it may not be illegal, utilising one to steal info, or perform actions (that can probably be construed as unauthorised access) most probably is.

----------------------------------------------------------
Don't forget our IRC: irc://irc.irchighway.net/#slackers
[kuza55.blogspot.com]