14 DAY TRIAL // A hacker has defaced David Beckham's website by inserting a "fail" image into the header. It's not immediately clear why the soccer star was targeted.
The image depicts a dog trying to eat from a bowl shown in a wall poster. The image is accompanied text reading "FAIL," probably a connection to the FAIL Internet meme.
Another message under the picture reads "ScooterDaShooter = FAIL." Searching for this alias on the Internet reveals profiles on gaming sites.
It's not sure if this is the hacker's own handle or the nickname of someone he tried offend. A connection to the LA Galaxy soccer player couldn't be established.
It's not clear how the hacker managed to insert the image into the header, but the fact the website's title is misaligned manner clearly suggests that the image is out of place.
One of the possibilities is the hacker obtaining access to the site's backend by exploiting an SQL injection vulnerability to steal the administrative credentials from the database.
Another option is the existence of a remote file injection (RFI) vulnerability which allowed the attacker to replace the real header image with his own. The image is hosted in the uploads folder.
The CMS platform used on the site seems to be a custom one. It often happens that custom platforms have vulnerabilities as their security is not constantly reviewed like in the case of public projects. They don't get often security updates either.
The website remains defaced at the time of writing this article and Beckham's last blog entry is dated March 23, 2011. It's not clear if the site's administrators are even aware of the problem.
Fortunately, there isn't any malicious content being served though the hacked website. The hacker's intention doesn't seem to have been to attack the soccer player's fans.
