MPAA Website, Now With Torrents

If it was up to the MPAA, every website with links to copyright infringing files would be banned from the Internet. Perhaps they should take a closer look at their own website first though, since it’s vulnerable to an XSS attack, making it possible to browse The Pirate Bay directly from the MPAA website.

It is no secret that the MPAA and other anti-piracy outfits rather spend their money on lawyers than web-designers or coders. Unfortunately for them this sometimes leads to awkward situations. For example, it turns out that the MPAA website is vulnerable to XSS attacks allowing the public to inject images, frames and all sorts of random code into the site.

About a year ago the RIAA website suffered from a similar vulnerability and was wiped clean. The RIAA fixed the problem within a few hours and eventually all the ‘lost’ content was restored, but not before thousands of people had fun with it.

The XSS vulnerability on the MPAA website was found on the about page where visitors can submit their favorite movie. In the screenshot below it says “thank you for taking the time to share your favorite movie,” which is the actual text that people get to see when they fill out the form. The Pirate Bay logo and the links to the latest movie torrents are obviously not supposed to be there.

It is “a proof of concept that demonstrates an XSS attack on mpaa.org website,” writes Vektor who covered the details in a blog post, adding that it should be taken as a joke. No lies there, as it made us smile indeed.

MPAA.org featuring The Pirate Bay

mpaa xss

Previous Post | Next Post

Follow @torrentfreak

Duo

Mpaa with torrents?

Nu uh :P
Torrentia

heh serves them right. First! (Now to go to learn about piracy first hand from the Mpaa website)
Rabbit80

Lol!
FleazZz

Wow, just wow.
Rabbit80

Maybe they should sue themselves in a Swedish court with a corrupt judge?
celesto

MPAA *lol*
Zush

If only there was a way of dismantling that organization…
ReUpLd

bit of a non story here really
Sol

*evil plan*
Do you think, If someone posted some copyrighted material to the MPAA website using this exploit, would a DCMA takedown notice take the whole site down???? ;)
Rabbit80

Of much more interest is the fact that wolverine just grossed $35 million on its first day – so piracy really harmed sales huh?

http://www.p2pnet.net/story/21207
smell my cheese

i filled that form in with ‘ steal this film’ better than all that hollywood crap!!
Elite P2P

LOL! This is so ironic. A hacker made them become promoters of the very thing that they are trying to abolish.
Pingback: popurls.com // popular today
d2lv

Money Is Truly the one thing on this planet that really does Talk.
Guest

@5

Thats funny
me
Anon

Can’t really do much
Pingback: ?? ??–?????MPAA?????XSS???? « ??IT?????IT???????????????????
LMFAOOOOOOO!!!!!!!

EPIC!
LMFAOOOOOOO!!!!!!!

I just had a thought … wouldn’t it be funny if that douche “Reasoned Mind” was the one really behind this? Hahaha… <3
Dazzer

Unfortunately this will now be counted as a Malicious Attack on MPAA, and they’ll now just have more “evidence” to give to the judge.
Anonymous

lol were is reasoned mind in all of this
Boolean

quick sue them somebody!
Pingback: MPAA Website, Now With Torrents | News Inventory
ZarathustrA

Dazzer, nobody is as stupid as you’re pretending to be. Just stop. :)
RobbingHood

Fail for the MPAA again!

What use have I for their site?

Anti-Piracy? Thats for TF’s for.

Age ratings? Sorry, but parents should be there for that.

Reasearch/Stats? I’ll just look at IMDB/’teh internets’ for that thank you.

Issues? None of any interest at all, apart from the issue that they are a bunch of leeching corporate scumbags.

About us?!! Can’t some nice h4ck3r’s please plaster something appropriate up there?

So, having TPB search on there…WIN.
lol

MPAA <3 TPB
c0rr0sive

Watched the new Xmen movie… Once it hits bluray, I will be downloading… Paid $14 for the ticket… That is the cost of a dvd so.
Neo

Hahaha. Oh man, this is going on my Facebook.
George

Did anyone else notice the torrents that are listed?

BSDM
Terminator

Reasoned Mind will have a lot of trouble reasoning with his mind whether they should sue themselves or not. LOL! . The Pirate bay should sue them for illegally posting links to their torrents without proper approval.
BritSwedeGuy

Now the MPAA has to sue itself and cause the universe to disappear.
someone

lol nice :)
netwiz

imao,that bug still works fine…so anybody want to fix it ?
St0fzguier

haha pwn3d
Benjamin the Donkey

Dont forget. Anyone who makes money off of prostitutes is a pimp.
Except the IRS!
Pingback: You Got Pirate Bay In My MPAA! | Team Teabag! - Home of the Latest Gaming, Technology, and Gadget News, Reviews, and Previews.
Anonymous

great act in response to the anti-piracy group
Dem fan

Shit! It still works:)….
h33t

well done guys

show them they know nothing about the technology they are messing with

http://www.h33t.com knows the missing pirate bay millions will be put to good use fighting this war against ugly imperialism on the free internet
hiphop

This is a complete non-issue, its something each user can do as an exploit to make a webpage shows up as a frame in their site. This article is as stupid as if i saved a page of torrentfreak as a file, replaced an image with porn, and wrote an article about how torrentfreak has porn on the site.

In the past ernesto used to have great articles, but they have gone cmpletely downhill into mindless drabble.

From diguising the wyzo 3 advertisement to claiming pirates are the largest paying consumers of music, he writes articles with deceptive topics and topics when there is nothing real happening merely to fill his quota of two articles a day.

I read torrentfreak for news, not because somebody can make an iframe show up on a website.
Anonymous

Somebody should make their “about us” page goatse.
dnA

No matter how many hacking attempts are made against MPAA & their allies, or exploiting their vulnerabilities, they are currently gaining a favourable position from the governments of different countries. So what do we see ourselves in future.
1.Any activity(legitimate/illegitimate) done using P2P will be called a “criminal activity”. See its already started.(ref. BBC documentary: some days back).
2.ISP’s will be forced to reveal any personal information and innocent people will be harrassed because these guys always have low technical know-how.
Internet

It saddens me to see the Pirate Bay go down. But really MPAA? You can’t control what goes around on the internet… If you outlaw torrents then something better is going to come around and it’s going to be TWICE as hard to make that illegal. Everything on the net should be free because no one really owns the internet.. Oh yeah, your sales are down, my ass… I can only hope this gets better..
Vektor

@41: XSS is their failure to escape user input, not a hacking attempt.
@37: This is a bug in their website, not some edited page that is loaded in a browser. They are easy to be found by anyone and it doesn’t take more than a few seconds to correct them. Do you prefer to be warned about them here or… whould you like to install some new browser plugin / codec to see their website ?
@16, @9: The screenshot is funny but the bug behind it is presented as a warning. MPAA is not affected by this as much as normal users can be. Someone with bad intents can use it to do some evil things like to send fake legal threats or takedown requests that ask you to download infected “legal documents” linked directly from mpaa.org .
Normally we send an e-mail or make a support ticket to warn about these errors and wait until they get fixed before making them public. In this case we haven’t seen any e-mail address on their website or the name of the person or company who designed it. Hiding that information ( http://torrentfreak.com/mpaa-we-were-only-testing-forest-blog/ ) is not the right thing to do especially when problems like this are found.
Pingback: ????MPAA?? « ??IT?????IT???????????????????
Hacker/pirates of the world UNITE

WHY WOULD YOU TELL THEM
The Laugher

Tee hee hee!
Vektor

@44: No matter how hated they are, this bug can be used against anyone. It’s very easy to use something like this to infect others with trojans (“Click here to install MPAA Genuine Advantage Tool”) / steal credit card details / bypass content filters / send fake takedown requests for legal content / etc.
After all, their website is “safe” in all content filters and firewalls and it isn’t blacklisted for spam / malware / etc. Pages from TPB were marked “unsafe” and blocked for less ( http://torrentfreak.com/the-pirate-bay-user-pages-blocked-by-google-090315/ ).
rockyz

sue the MPAA!
demonseth17

hahaha…I hope this made them suffer a little bit…damn aligators, they think they will put in jail the pirate bay admins just like that? haha…damn I should have known I would have help! XD
demonseth17

hahaha…I hope this made them suffer a little bit…damn aligators, they think they will put in jail the pirate bay admins just like that? haha…damn I should have known I would have help! XD BTW MPAA sucks!
demonseth17

I double post X( sorry I just tried too add something before it was sent…my mistake XD
Reasoned Mind

That’s pretty funny. Great job to the hacker
any682546

very good!
Pingback: IRC: #boycottnovell @ FreeNode: May 3rd, 2009 - Part 1 | Boycott Novell
Pingback: IRC: #boycottnovell @ FreeNode: May 3rd, 2009 - Part 1 | Boycott Novell
Pingback: IRC: #boycottnovell @ FreeNode: May 3rd, 2009 - Part 1 | All about MICROSOFT
Reverend Raging Rabbit

What Happen?
They Set Us Up The Bomb!

Yeah, that’s quite nice. :-)
Pingback: Hackean el sitio de la MPAA y enlazan a las últimas películas subidas en The Pirate Bay
Pingback: Hackean la MPAA, mostrando películas de The Pirate Bay
haha

Added MPAA site to my Torrent-Bookmarks folder. :D
$hadow

This is getting funny each time it passes :>
trancefreak

Mpaa – THE BEST TRACKER I THE WORLD!
Pingback: RIAA.com Hacked… AGAIN! | RIAA SUCKS
Pingback: RIAA Site Features TorrentFreak’s Latest News | InstantIdiocy
Pingback: Mbeshtetes te Pirate Bay, hakmerren! | eklipsi.com
Pingback: Simple Ways Business Owners should use to Accomplish Success | Mogul Review
Pingback: Q8GEEKS.ORG - MPAA WITH TORRENTS!?
herbert

Ja, das ist meine echte email-adresse! Heute Nacht hatte ich das “Vergnügen” mit einem echten Jünger der mainstream-Presse zu kommunizieren. Das Problem, ich kenne diesen Menschen schon mein halbes Leben… Heute NAcht, wurde mir bewußt, dass Menschen, die für sich selbst denken können, in dieser Gesellschaft unerwünscht sind! Das hier ist kein Gelaber von jemanden der zu viel Zeit hat – nein, das hier ist eine Anfrage an Leute, die die Fähigkeit haben, jemanden zu folgen, der diese Gesellschaft in die Knie zwingen wird. Ich will hier keine grauen Mäuse hören – ich will Menschen, die bereit sind dieses Land, durchwachsen von Korruption, brennen zu sehen. Dieser Text ist kein Scherz, kein Spaß – dies ist die letzte Möglichkeit Freiheit zu erkämpfen! Danke.

Yes, that is my real email-address! Tonight, i had the “fortune” to meet a real believer of the mainstream-press. The problem, i knew this men half my life… Tonight, i realized, that people, who think for themselfes, are no longer accepted in this society. This is no chatter of someone with to much time on his hands – no, this is an outcry to people, who have the ability, to follow a movement, that will bring down this system to it’s knees. I don’t want to hear them grey mice complaining – i wan’t people, who whant this land, rotten with corruption, to burn. This text is no joke, no scam – this is the last opportunity to fight for freedom! Thanks.

I am sorry for my bad english – please, correct that text and copy it. Thank you!
AHappyPirate

Listen ThePirateBay.org Ownz you and that is all you need to know
Pingback: Hackean la MPAA, mostrando películas de The Pirate Bay - Gratis Programas, Descarga Freeware, Warez Full, Noticias
Pingback: RIAA Site Features TorrentFreak’s Latest News | IDTorrent Blog
Pingback: Il sito di MPAA craccato: visualizzava Pirate Bay e file torrent - The New Blog Times
Pingback: Notícias « Café com Italo Adriano
Pingback: HADOPI-La riposte des HACKtivistes... - HaKwArA - Forum Maroc

TorrentFreak

The place where breaking news, BitTorrent and copyright collide

MPAA Website, Now With Torrents

MPAA.org featuring The Pirate Bay

Related Posts

Previous Post | Next Post

NewsBits

The Pirate Bay Isn’t Down Completely, Just Having a Few Issues

Pirate Bay Founder Gottfrid Svartholm on Freedom of Speech

Blu-ray Anti-Piracy Tech Stops Discs and Promotes Purchases

Foxtel Breeds Pirates by Locking Up Game of Thrones

UK Student Admits Breaching Sony Copyrights With Leak of PS3 SDK

MostDiscussed

Pirate Bay Takes Over Distribution of Censored 3D Printable Gun

McAfee Patents Technology to Detect and Block Pirated Content

Pirate Bay Finds Safe Haven in Iceland, Switches to .IS Domain

Copyright Trolls Threaten to Call Neighbors of Accused Porn Pirates

Game Pirates Whine About Piracy in Game Dev Simulator

CopyQuote

PopularArticles

VPN Services That Take Your Anonymity Seriously, 2013 Edition

Top 10 Most Popular Torrent Sites of 2013

Which VPN Service Providers Really Take Anonymity Seriously?

What’s The Best VPN / Proxy for BitTorrent?

BTGuard Review: How Does it Work?

Optimize Your BitTorrent Download Speed

The place where breaking news, BitTorrent and copyright collide

Search TorrentFreak

MPAA.org featuring The Pirate Bay

Related Posts

NewsBits

MostDiscussed

CopyQuote

PopularArticles