What Do Chelsea, Manchester United, Manchester City & Everton have in Common? Security Vulnerabilities in their Websites!
There is no number we can put to the combined following of Manchester United, Manchester City & Everton. These football clubs have millions upon millions of fans worldwide. While these clubs may be divided by their fans and beliefs, there is something that unites them: a security vulnerability! Yes, you heard it right. A critical security vulnerability was found by a researcher in the websites of all these clubs.
Robbie is a British security researcher who is an expert at finding Cross-Site Scripting (XSS) vulnerabilities in websites. He participates in the bug-bounty programs of various companies. A month ago, he decided to check the security status of the websites of various football clubs and ended up finding XSS vulnerabilities in:
- Chelsea Club’s Main Website
- Everton Club’s Main Website
- Everton FC’s Web Shop
- Chelsea’s Megastore
- Manchester United’s Main Website
Apart from the above, Robbie has also found critical vulnerabilities in ASK.com, a well-known car dealership CMS and even SkySports. The quickest find was the one in the car dealership CMS, which took him just two minutes; it still took the developers a few months to fix the bug.
XSS Vulnerability in Famous Football Clubs
[Screenshots, not reproduced here: XSS in Chelsea; Manchester United XSS; XSS in Everton]
Consequences of XSS
XSS is often regarded as ‘low-hanging fruit’ in the web security industry: it is easy to find in websites, and modern-day web apps seem to have a lot of it. But this doesn’t mean XSS should be taken lightly, as it often is by developers. A few direct consequences of XSS in the websites of clubs like Chelsea, Manchester United and Everton include:
- Targeted attacks on website users to compromise their personal data (usernames, passwords, session data)
- If the XSS is stored, a mass attack on all users of the website
- Altering the website’s flow to suit the attacker
While these are only a few of the consequences, XSS has many more angles to it. To learn more about XSS, its consequences and how to prevent it, you can refer to the detailed article here.
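As an added example (not code from the article, the researcher, or any of the clubs’ sites), the snippet below shows the kind of defect behind a reflected XSS and the two defences that address the consequences listed above: escaping untrusted input on output so it cannot become markup, and marking the session cookie HttpOnly so injected script cannot read it. The search page, the `sid` cookie name and the sample query are all constructed for the example.

```javascript
// Added example: an XSS-prone way of building HTML from user input next to
// the escaped form, plus a hardened session cookie. Nothing here is taken
// from the club websites; the page template and inputs are constructed.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape a value for insertion into an HTML text node or a double-quoted
// attribute value. Every character that can open a tag, attribute or
// entity is replaced, so the browser treats the result as plain text.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the user's query is concatenated straight into the
// page, so any markup in it is parsed and executed by the browser.
function renderSearchResultsUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened pattern: same template, with the query escaped on output.
function renderSearchResultsSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Minimal check a developer can put in a test suite: does the rendered
// page contain any tag the template itself did not emit? A new tag
// means untrusted input reached the HTML parser unescaped.
function containsInjectedMarkup(html, templateTags) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.some((tag) => !templateTags.includes(tag));
}

// Mitigation for the first consequence listed (session data theft): a cookie
// flagged HttpOnly is not exposed to document.cookie, so injected script
// cannot simply read and exfiltrate it. Cookie name "sid" is an assumption.
function sessionCookieHeader(sessionId) {
  return `sid=${encodeURIComponent(sessionId)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Constructed sample input: a harmless probe string of the kind used to
// confirm that a parameter is reflected without escaping.
const TEMPLATE_TAGS = ['<p>', '</p>'];
const sampleQuery = "boots <script>alert('xss')</script>";

// Stand-alone demonstration.
console.log('unsafe :', renderSearchResultsUnsafe(sampleQuery));
console.log('injected tag present:', containsInjectedMarkup(renderSearchResultsUnsafe(sampleQuery), TEMPLATE_TAGS));
console.log('safe   :', renderSearchResultsSafe(sampleQuery));
console.log('injected tag present:', containsInjectedMarkup(renderSearchResultsSafe(sampleQuery), TEMPLATE_TAGS));
console.log('cookie :', sessionCookieHeader('example-session-id'));
```

The `containsInjectedMarkup` check is deliberately crude (it only compares whole tags against an allow-list), but it is enough to turn "is this parameter reflected unescaped?" into an automated regression test; escaping belongs at the output site because the same value may later be rendered in a different context.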