On 9 May 2017, a URL that included the words “my plan to fuck the poor” led to a press release about health care on President Donald Trump’s campaign website. Many posted about the URL on social media, believing that the Trump campaign had created it.
The veteran-related Common Defense political action committee said in a tweet they later deleted that it was the “actual URL for Trump’s Healthcare plan,” and included a pair of screenshots:
Common Defense told us in an email that many supporters who pointed the error out to them “assumed that it was a prank by someone disgruntled in the administration.” The group said in a statement:
While the web vulnerability is amusing, it points to a very real and very serious issue: the Trump administration continues to make basic mistakes because of Trump’s failure to hire the best people, staffing his campaign and the White House with opportunists and incompetent cronies instead. The security of our country and of the world depends upon the competence of the people occupying the White House. Trump is not living up to even the minimum standards the American people deserve.
When we tried the URL in question, we were initially directed to another section of the campaign site:
Within hours, however, the URL simply brought up a 404 error.
The URL was created through a vulnerability Reddit users discovered after the administration removed all press releases from the campaign web site. At an 8 May 2017 press briefing, ABC News reporter Cecilia Vega asked White House press secretary Sean Spicer about a 2015 press release in which Trump called for “total and complete shutdown on Muslims entering the United States.” Shortly afterward, that release was scrubbed from the site, along with everything listed under “press releases.”
The deletion came on the same day that the Fourth District Court of Appeals heard oral arguments in a case brought against the administration by refugee advocacy organizations who claim that the president’s executive order banning travel from six Muslim-majority countries violates the First Amendment.
A member of the r/politics board explained the campaign web site’s bug a day before it spread online:
technically they failed at this too…the route to the page still exists…they just blanked the content. https://www.donaldjtrump.com/press-releases/donald-j.-trump-statement-on-preventing-muslim-immigration
if you go to donaldjtrump.com/press-releases/ you can see that they pulled the links to all the press releases but the page still exists. If you use waybackmachine to find the links you will see they are all still active but have the content wiped.
What is even more hilarious is the bug I discovered on his page today. ANY url you go to under /press-releases/ that wasn’t a previously existing page (that has been wiped but not deleted) will take you to his health care plan…what does this mean? It means that you can create absolutely hilarious URLs that actually work:
and it doesn’t even re-write the URL when you get there!
Another fake URL apparently included the words “my plan liquidation of the jewish people.”
We contacted the White House press office seeking comment, but they have not replied.
Rahman, Abid. “Twitter Users Exploit Trump Website Vulnerability to Mock President, Slam GOP Health Bill.” The Hollywood Reporter. 9 May 2017.
Shelbourne, Mallory. “Trump Call For Muslim Ban Deleted From Site After Reporter’s Question.” The Hill. 8 May 2017.
“sleazus christ.” “Donald Trump’s ‘Muslim Ban’ Disappears from Website After Sean Spicer Questioned About It.” r/politics. 8 May 2017. https://np.reddit.com/r/politics/comments/6a0tqp/donald_trumps_muslim_ban_disappears_from_website/dhaxxz8/