UPDATED - Domo Arigato: White hat reports vulnerability on Mr. Robot website

Call it an unintentional meta-reference: a promotional website for the computer hacker drama Mr. Robot was found to contain an actual XSS vulnerability.

It couldn't have been scripted any better. The new promotional website for season two of the USA Network's computer hacking drama Mr. Robot required an emergency patch after a white-hat hacker discovered a cross-site scripting (XSS) vulnerability, according to a report from Forbes.com.

The hacker, who goes by the palindromic alias Zemnmez, emailed series creator Sam Esmail to report the XSS flaw.

According to Forbes, Zemnmez stated that hackers could have used the vulnerability to inject malicious JavaScript capable of stealing user information, including Facebook data that site visitors enter to participate in the website's quiz. The bad actor could have used a simple phishing technique to get victims to click on a malicious link that executes the JavaScript code, Zemnmez added.

UPDATE 5/17: Another hacker who goes by the online alias Corenumb has blogged about finding a blind SQL injection vulnerability on the same Mr. Robot website after attempting to register an email address. The hacker reported the issue to the USA Network's parent company NBCUniversal, which patched the flaw just as it did in the previous instance.
