MPAA Website, Now With Torrents
Written by Ernesto on May 02, 2009

If it was up to the MPAA, every website with links to copyright-infringing files would be banned from the Internet. Perhaps they should take a closer look at their own website first though, since it’s vulnerable to an XSS attack, making it possible to browse The Pirate Bay directly from the MPAA website.
It is no secret that the MPAA and other anti-piracy outfits would rather spend their money on lawyers than on web designers or coders. Unfortunately for them, this sometimes leads to awkward situations. For example, it turns out that the MPAA website is vulnerable to XSS attacks, allowing the public to inject images, frames and all sorts of random code into the site.
About a year ago the RIAA website suffered from a similar vulnerability and was wiped clean. The RIAA fixed the problem within a few hours and eventually all the ‘lost’ content was restored, but not before thousands of people had fun with it.
The XSS vulnerability on the MPAA website was found on the about page where visitors can submit their favorite movie. In the screenshot below it says “thank you for taking the time to share your favorite movie,” which is the actual text that people get to see when they fill out the form. The Pirate Bay logo and the links to the latest movie torrents are obviously not supposed to be there.
It is “a proof of concept that demonstrates an XSS attack on mpaa.org website,” writes Vektor, who covered the details in a blog post, adding that it should be taken as a joke. No lies there, as it made us smile indeed.
MPAA.org featuring The Pirate Bay
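
The flaw described above, reduced to a minimal server-side sketch (an added example, not the MPAA site's code, which the article does not show): the thank-you page built by string concatenation, beside a version that escapes the submitted title and sends a Content-Security-Policy header. The function names, the sample submission and the policy are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Text the article quotes from the thank-you page.
THANKS = "Thank you for taking the time to share your favorite movie"
# Constructed submission: a frame and an image, the kinds of markup the article mentions.
SAMPLE = 'Heat<iframe src="https://example.invalid/"></iframe><img src="https://example.invalid/logo.png">'

# Header for the hardened page: even if markup slipped through, the browser
# would refuse third-party frames, images and scripts.
CSP = "default-src 'self'; frame-src 'none'; img-src 'self'; script-src 'self'"


def render_vulnerable(movie: str) -> str:
    """The 'before': user input concatenated straight into the HTML."""
    return f"<p>{THANKS}: {movie}</p>"


def render_hardened(movie: str) -> tuple[dict, str]:
    """The 'after': cap the length, escape for an HTML text context, send a CSP."""
    movie = movie.strip()[:100]
    body = f"<p>{THANKS}: {html.escape(movie, quote=True)}</p>"
    headers = {"Content-Type": "text/html; charset=utf-8",
               "Content-Security-Policy": CSP}
    return headers, body


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def unexpected_tags(page: str, allowed=("p",)) -> list[str]:
    """Regression check: parse the page and list elements the template did not emit."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return [t for t in collector.tags if t not in allowed]
```

Running `unexpected_tags` over rendered output in a test suite catches a template that stops escaping before it reaches production.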

56 Responses
Mpaa with torrents?
Nu uh :P
heh serves them right. First! (Now to go to learn about piracy first hand from the Mpaa website)
Lol!
Wow, just wow.
Maybe they should sue themselves in a Swedish court with a corrupt judge?
MPAA *lol*
If only there was a way of dismantling that organization…
bit of a non story here really
*evil plan*
Do you think, if someone posted some copyrighted material to the MPAA website using this exploit, would a DMCA takedown notice take the whole site down???? ;)
Of much more interest is the fact that wolverine just grossed $35 million on its first day – so piracy really harmed sales huh?
http://www.p2pnet.net/story/21207
I filled that form in with ‘steal this film’, better than all that hollywood crap!!
LOL! This is so ironic. A hacker made them become promoters of the very thing that they are trying to abolish.
Money Is Truly the one thing on this planet that really does Talk.
@5
That’s funny
Can’t really do much
EPIC!
I just had a thought … wouldn’t it be funny if that douche “Reasoned Mind” was the one really behind this? Hahaha… <3
Unfortunately this will now be counted as a Malicious Attack on MPAA, and they’ll now just have more “evidence” to give to the judge.
lol where is reasoned mind in all of this
quick sue them somebody!
Dazzer, nobody is as stupid as you’re pretending to be. Just stop. :)
Fail for the MPAA again!
What use have I for their site?
Anti-Piracy? That’s what TF’s for.
Age ratings? Sorry, but parents should be there for that.
Research/Stats? I’ll just look at IMDB/’teh internets’ for that thank you.
Issues? None of any interest at all, apart from the issue that they are a bunch of leeching corporate scumbags.
About us?!! Can’t some nice h4ck3r’s please plaster something appropriate up there?
So, having TPB search on there…WIN.
MPAA <3 TPB
Watched the new Xmen movie… Once it hits bluray, I will be downloading… Paid $14 for the ticket… That is the cost of a dvd so.
Hahaha. Oh man, this is going on my Facebook.
Did anyone else notice the torrents that are listed?
BSDM
Reasoned Mind will have a lot of trouble reasoning with his mind whether they should sue themselves or not. LOL! . The Pirate bay should sue them for illegally posting links to their torrents without proper approval.
Now the MPAA has to sue itself and cause the universe to disappear.
lol nice :)
imao, that bug still works fine… so anybody want to fix it?
haha pwn3d
Don’t forget. Anyone who makes money off of prostitutes is a pimp.
Except the IRS!
great act in response to the anti-piracy group
Shit! It still works:)….
well done guys
show them they know nothing about the technology they are messing with
http://www.h33t.com knows the missing pirate bay millions will be put to good use fighting this war against ugly imperialism on the free internet
This is a complete non-issue, it’s something each user can do as an exploit to make a webpage show up as a frame in their site. This article is as stupid as if I saved a page of torrentfreak as a file, replaced an image with porn, and wrote an article about how torrentfreak has porn on the site.
In the past Ernesto used to have great articles, but they have gone completely downhill into mindless drabble.
From disguising the wyzo 3 advertisement to claiming pirates are the largest paying consumers of music, he writes articles with deceptive topics and topics when there is nothing real happening merely to fill his quota of two articles a day.
I read torrentfreak for news, not because somebody can make an iframe show up on a website.
Somebody should make their “about us” page goatse.
No matter how many hacking attempts are made against MPAA & their allies, or exploiting their vulnerabilities, they are currently gaining a favourable position from the governments of different countries. So what do we see ourselves in future.
1. Any activity (legitimate/illegitimate) done using P2P will be called a “criminal activity”. See, it’s already started. (ref. BBC documentary: some days back).
2. ISPs will be forced to reveal any personal information and innocent people will be harassed because these guys always have low technical know-how.
It saddens me to see the Pirate Bay go down. But really MPAA? You can’t control what goes around on the internet… If you outlaw torrents then something better is going to come around and it’s going to be TWICE as hard to make that illegal. Everything on the net should be free because no one really owns the internet.. Oh yeah, your sales are down, my ass… I can only hope this gets better..
@41: XSS is their failure to escape user input, not a hacking attempt.
@37: This is a bug in their website, not some edited page that is loaded in a browser. They are easy to be found by anyone and it doesn’t take more than a few seconds to correct them. Do you prefer to be warned about them here or… would you like to install some new browser plugin / codec to see their website?
@16, @9: The screenshot is funny but the bug behind it is presented as a warning. MPAA is not affected by this as much as normal users can be. Someone with bad intents can use it to do some evil things like to send fake legal threats or takedown requests that ask you to download infected “legal documents” linked directly from mpaa.org .
Normally we send an e-mail or make a support ticket to warn about these errors and wait until they get fixed before making them public. In this case we haven’t seen any e-mail address on their website or the name of the person or company who designed it. Hiding that information ( http://torrentfreak.com/mpaa-we-were-only-testing-forest-blog/ ) is not the right thing to do especially when problems like this are found.
WHY WOULD YOU TELL THEM
Tee hee hee!
@44: No matter how hated they are, this bug can be used against anyone. It’s very easy to use something like this to infect others with trojans (”Click here to install MPAA Genuine Advantage Tool”) / steal credit card details / bypass content filters / send fake takedown requests for legal content / etc.
After all, their website is “safe” in all content filters and firewalls and it isn’t blacklisted for spam / malware / etc. Pages from TPB were marked “unsafe” and blocked for less ( http://torrentfreak.com/the-pirate-bay-user-pages-blocked-by-google-090315/ ).
sue the MPAA!
hahaha…I hope this made them suffer a little bit…damn alligators, they think they will put in jail the pirate bay admins just like that? haha…damn I should have known I would have help! XD
hahaha…I hope this made them suffer a little bit…damn alligators, they think they will put in jail the pirate bay admins just like that? haha…damn I should have known I would have help! XD BTW MPAA sucks!
I double post X( sorry I just tried to add something before it was sent…my mistake XD
That’s pretty funny. Great job to the hacker
very good!
What Happen?
They Set Us Up The Bomb!
Yeah, that’s quite nice. :-)
Added MPAA site to my Torrent-Bookmarks folder. :D
This is getting funny each time it passes :>
Mpaa – THE BEST TRACKER IN THE WORLD!
Ja, das ist meine echte email-adresse! Heute Nacht hatte ich das “Vergnügen” mit einem echten Jünger der mainstream-Presse zu kommunizieren. Das Problem, ich kenne diesen Menschen schon mein halbes Leben… Heute NAcht, wurde mir bewußt, dass Menschen, die für sich selbst denken können, in dieser Gesellschaft unerwünscht sind! Das hier ist kein Gelaber von jemanden der zu viel Zeit hat – nein, das hier ist eine Anfrage an Leute, die die Fähigkeit haben, jemanden zu folgen, der diese Gesellschaft in die Knie zwingen wird. Ich will hier keine grauen Mäuse hören – ich will Menschen, die bereit sind dieses Land, durchwachsen von Korruption, brennen zu sehen. Dieser Text ist kein Scherz, kein Spaß – dies ist die letzte Möglichkeit Freiheit zu erkämpfen! Danke.
Yes, that is my real email-address! Tonight, I had the “fortune” to meet a real believer of the mainstream-press. The problem, I knew this man half my life… Tonight, I realized that people who think for themselves are no longer accepted in this society. This is no chatter of someone with too much time on his hands – no, this is an outcry to people who have the ability to follow a movement that will bring down this system to its knees. I don’t want to hear them grey mice complaining – I want people who want this land, rotten with corruption, to burn. This text is no joke, no scam – this is the last opportunity to fight for freedom! Thanks.
I am sorry for my bad English – please, correct that text and copy it. Thank you!
Listen ThePirateBay.org Ownz you and that is all you need to know