
Far more interesting: they hacked the US Senate:

http://lulzsecurity.com/releases/senate.gov.txt



Their site has been open to a lot of exploits. I tried writing my senator and telling him... guess what, nothing.

Dear Senator Lamar:

We have exchanged ideas in the past; see the below message. I am now writing to report a different issue. Website vulnerabilities in the Senate.Gov and House.Gov website. I am not sure if these have been reported to the proper person as of yet; I did email Senator Corker.

Below is a list of vulnerable urls for senate.gov

URL Redirect needs to be sanitized here: >http://www.senate.gov/cgi-bin/exitmsg?url=www.hackersite.com

Here JAVA is not sanitizing input properly. There may be a chance that this can be used to launch a larger exploit on the servers hosting the website: >http://www.senate.gov/artandhistory/art/common/collection_li...

This is called an XSS (Cross Site Scripting) exploit. Here a person might add malicious code to the page to do whatever the language will allow. >http://www.senate.gov/general/contact_information/senators_c...

Below is a list of vulnerable urls for house.gov

This link suffers the same problem as the first one posted for senate.gov; URL redirect needs to be sanitized: >http://clerk.house.gov/redirect.html?title=Library+of+Congre...

I wanted to bring this to your attention in hopes that it will be fixed. Thank you for your time.

Sincerely,

Christopher Woodall

On 03/01/2010 04:04 PM, Correspondence_Reply@Alexander.senate.gov wrote:

> March 1, 2010
>
> Mr. Christopher Woodall
>
> Dear Christopher,
>
> Thanks for getting in touch with me and letting me know what's on your mind regarding identifying medical necessities of government employees.
>
> Although no legislation has been introduced in the 111th Congress regarding this issue, I'm always pleased to consider new ideas that will benefit the people of Tennessee. These are serious times, and the willingness of good people to get involved is very important. Suggestions from my constituents play an important role in determining what initiatives I will pursue in the Senate, and I'll be sure to consider the issues you've raised.
>
> Sincerely,
>
> Lamar

Looks like a few of the issues have been cleared up. I have more for USAJobs.com and a myriad of government sites. No one listens to regular joes.
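
Added example, not part of the comment above and not code from any of the sites it names: one way a redirect or exit-page handler can validate its `url` parameter before issuing the redirect. The function name, the allowlisted hosts and the assumption that the scheme may be omitted (as in the `url=` parameter quoted in the letter) are all hypothetical.

```python
from urllib.parse import urlsplit

# Constructed allowlist for a hypothetical exit-page handler (assumption).
ALLOWED_HOSTS = {"partner.example", "docs.partner.example"}


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, fallback="/"):
    """Return a redirect target that is safe to send, or `fallback`."""
    # Reject empty input, whitespace/control characters (header splitting)
    # and backslashes, which some browsers treat like forward slashes.
    if not raw or any(ord(c) <= 0x20 or c == "\\" for c in raw):
        return fallback
    if raw.startswith("/"):
        # Same-site path is fine; "//host" is protocol-relative and leaves the site.
        return fallback if raw.startswith("//") else raw
    # Assumption: like the url= parameter in the letter, the scheme may be omitted.
    candidate = raw if "://" in raw else "https://" + raw
    try:
        parts = urlsplit(candidate)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return fallback
    if parts.scheme not in ("http", "https"):
        return fallback
    # "https://partner.example@other.example/" puts the trusted name in userinfo.
    if parts.username is not None or parts.password is not None:
        return fallback
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in allowed_hosts or port not in (None, 80, 443):
        return fallback
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("partner.example/page", "www.unlisted.example",
                   "//unlisted.example/", "/general/contact.htm"):
        print(f"{sample!r:32} -> {safe_redirect_target(sample)!r}")
```
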


There is a webmaster, you can contact them. Senators have no direct control over websites like this, and are unlikely to have the faintest clue what to do about this.

I'm not sure if they would even know what "website vulnerabilities" are.


You are correct. It is better to email their customer support or webmaster if available. Still, many websites have horrible reporting features and even worse response rates.


You're more likely to get in trouble for emailing them that stuff than you are likely to help them. They are itching for people to make an example of.


Is that really the case though?


No.



