Manchester Chelsea Everton Vulnerable

There is no number we can put to the combined following of Manchester United, Manchester City & Everton. These football clubs have millions and millions of followers worldwide. While these clubs may be divided by their fans and beliefs, there is something that unites them: a security vulnerability! Yes, you heard it right. A critical security vulnerability was found by a researcher in the websites of all these clubs.

Meet Robbie

Robbie is a British security researcher who is an expert at finding Cross Site Scripting (XSS) vulnerabilities in websites. He participates in the bug-bounty programs of various companies. A month ago, he decided to check the security status of the websites of various football clubs and ended up finding XSS vulnerabilities in:

  • Chelsea Club’s Main Website
  • Everton Club’s Main Website
  • Everton FC’s Web Shop
  • Chelsea’s Megastore
  • Manchester United’s Main Website

Apart from the above, Robbie has also found some critical vulnerabilities in ASK.com, a famous car dealership CMS system and even SkySports. The quickest find was the one in the car dealership CMS, which took him just two minutes to find, though it took a few months for the developers to fix the bug.

XSS Vulnerability in Famous Football Clubs

  • XSS in Chelsea
  • Manchester United XSS
  • XSS in Everton

Consequences of XSS

XSS is often regarded as a ‘low hanging fruit’ in the web security industry. This is because it is easy to find XSS in websites, and modern-day web apps seem to have a lot of it. But this doesn’t mean that XSS should be taken lightly, which it often is by developers. A few direct consequences of XSS in the websites of clubs like Chelsea, Manchester United and Everton include:

  • Targeted attacks on website users to compromise their personal data (usernames, passwords, session data)
  • If the XSS is stored, a mass attack on all the users of the websites
  • Changing the website flow to suit the attacker

While these are only a few of the consequences, there are many more angles to XSS. To learn more about XSS, its consequences and how to prevent it, you can refer to the detailed article here.


About The Author

Astra Team

We are on a mission to make web a more secure place, one website at a time!

2 Comments

  1. This is interesting really, You’re a very skilled blogger.
    I’ve joined your feed and look forward to seeking more of your wonderful post.
    Also, I’ve distributed your web site in my internet sites!
