ESPN Fantasy Football site riddled with security flaws, apparently
Sep 23, 2010, 4:30 PM EDT
I know we’re not exactly talking about hacking into The Pentagon’s computer system here, but should ESPN’s Fantasy Football site allow anyone to add and remove players from any other person’s team? In other words, finally, a fantasy football league that looks like fun! MSNBC’s Matt Liebowitz has the details:
The vulnerabilities exist in the URL the site uses as a final confirmation that a participant must click on when adding a new player to an existing roster. The flaw was discovered by Billy (BK) Rios, who writes about it in a Sept. 22 entry on his blog, at http://xs-sniper.com.
“Unfortunately for the other players in my league, the fantasy football application does a poor job of authorizing checking,” writes Rios. “These poor checks allow me to manipulate the trans parameter to add an arbitrary player to any team’s roster.”
Visit The Wiz Wit for more complete instructions.
My favorite part:
Rios said the ESPN website vulnerability also made it possible to drop players from teams or alter lineups, but he chose not to. Instead, Rios tested the security slip by playing a prank on his competitors, adding notoriously inconsistent Washington Redskins quarterback Rex Grossman to a rival’s squad.
The vicious bastard. That should be a felony.
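The flaw Rios describes is a missing ownership check on a client-supplied parameter. The sketch below is an added example, not ESPN's code and not from Rios's post: the `action|team_id|player_id` layout of `trans`, the function names and the sample league are all assumptions made for illustration, since the real parameter format is not shown here. It puts a handler that trusts the parameter beside one that checks the team against the logged-in session.

```python
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Caller may not act on the requested team."""

@dataclass
class League:
    owners: dict                                  # team_id -> owning user
    rosters: dict = field(default_factory=dict)   # team_id -> set of player ids

def parse_trans(trans):
    """Parse the assumed 'action|team_id|player_id' format (hypothetical)."""
    parts = trans.split("|")
    if len(parts) != 3 or parts[0] not in ("add", "drop"):
        raise ValueError("malformed transaction")
    return parts[0], int(parts[1]), int(parts[2])

def apply_trans(league, action, team_id, player_id):
    roster = league.rosters.setdefault(team_id, set())
    if action == "add":
        roster.add(player_id)
    else:
        roster.discard(player_id)

def confirm_unchecked(league, session_user, trans):
    """Flawed: acts on whatever team id the client-supplied parameter names."""
    apply_trans(league, *parse_trans(trans))

def confirm_checked(league, session_user, trans):
    """Hardened: the authenticated session must own the team in the request."""
    action, team_id, player_id = parse_trans(trans)
    owner = league.owners.get(team_id)
    # Reject anonymous sessions and unknown teams too (None must never match None).
    if session_user is None or owner != session_user:
        raise Forbidden(f"{session_user!r} does not own team {team_id}")
    apply_trans(league, action, team_id, player_id)

def demo():
    league = League(owners={1: "alice", 2: "bob"})   # constructed sample league
    confirm_unchecked(league, "alice", "add|2|99")   # alice edits bob's roster
    tampered = 99 in league.rosters[2]
    league.rosters[2].clear()
    try:
        confirm_checked(league, "alice", "add|2|99")
        blocked = False
    except Forbidden:
        blocked = True
    confirm_checked(league, "alice", "add|1|99")     # own team still allowed
    return tampered, blocked, league.rosters
```

The check belongs on the server at the point the change is applied, because the confirmation URL is fully under the user's control.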
***
ESPN Fantasy Football site rife with security flaws [MSNBC]
How To Cheat At ESPN Fantasy Football and Never Get Caught [TheWizWit]