TorrentFreak

The place where breaking news, BitTorrent and copyright collide

MPAA Website, Now With Torrents

If it was up to the MPAA, every website with links to copyright infringing files would be banned from the Internet. Perhaps they should take a closer look at their own website first though, since it’s vulnerable to an XSS attack, making it possible to browse The Pirate Bay directly from the MPAA website.

It is no secret that the MPAA and other anti-piracy outfits would rather spend their money on lawyers than on web designers or coders. Unfortunately for them, this sometimes leads to awkward situations. For example, it turns out that the MPAA website is vulnerable to XSS attacks, allowing the public to inject images, frames and all sorts of random code into the site.

About a year ago the RIAA website suffered from a similar vulnerability and was wiped clean. The RIAA fixed the problem within a few hours and eventually all the ‘lost’ content was restored, but not before thousands of people had fun with it.

The XSS vulnerability on the MPAA website was found on the about page where visitors can submit their favorite movie. In the screenshot below it says “thank you for taking the time to share your favorite movie,” which is the actual text that people get to see when they fill out the form. The Pirate Bay logo and the links to the latest movie torrents are obviously not supposed to be there.

It is “a proof of concept that demonstrates an XSS attack on mpaa.org website,” writes Vektor who covered the details in a blog post, adding that it should be taken as a joke. No lies there, as it made us smile indeed.

MPAA.org featuring The Pirate Bay
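
The article does not show the site's code. As an added illustration (not code from the MPAA site, Vektor's post or TorrentFreak), the sketch below contrasts a thank-you page that echoes the submitted movie title unescaped with one that encodes it on output, plus a small regression check a site owner could run. The function names, markup and sample submissions are assumptions made for the example.

```javascript
// Added illustration: a hypothetical "favorite movie" thank-you handler.
// Function names and markup are assumptions, not the real site's code.
const THANKS = 'Thank you for taking the time to share your favorite movie';

// Vulnerable pattern: the submitted value is concatenated into HTML as-is,
// so any tags in it become part of the page.
function renderThanksUnsafe(movie) {
  return `<p>${THANKS}: ${movie}</p>`;
}

// Characters that are significant in HTML text and quoted attribute values.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: bound the length, then encode at the point of output.
function renderThanksSafe(movie) {
  const title = String(movie).trim().slice(0, 200);
  return `<p>${THANKS}: ${escapeHtml(title)}</p>`;
}

// Regression check a site owner could run: does any tag other than the
// template's own <p> wrapper appear in the rendered response?
function hasInjectedMarkup(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.some((t) => t !== '<p>' && t !== '</p>');
}

// Constructed sample submissions (not taken from the real incident).
const SAMPLES = [
  'The Godfather',
  'Tom & Jerry <3',
  '<iframe src="https://example.invalid/"></iframe>',
];

function audit(render) {
  return SAMPLES.map((s) => hasInjectedMarkup(render(s)));
}

console.log('unsafe:', audit(renderThanksUnsafe)); // [ false, false, true ]
console.log('safe:  ', audit(renderThanksSafe));   // [ false, false, false ]
```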


  • Duo

    Mpaa with torrents?

    Nu uh :P

  • Torrentia

    heh serves them right. First! (Now to go to learn about piracy first hand from the Mpaa website)

  • Rabbit80

    Lol!

  • FleazZz

    Wow, just wow.

  • Rabbit80

    Maybe they should sue themselves in a Swedish court with a corrupt judge?

  • celesto

    MPAA *lol*

  • Zush

    If only there was a way of dismantling that organization…

  • ReUpLd

    bit of a non story here really

  • Sol

    *evil plan*
    Do you think, if someone posted some copyrighted material to the MPAA website using this exploit, would a DMCA takedown notice take the whole site down???? ;)

  • Rabbit80

    Of much more interest is the fact that wolverine just grossed $35 million on its first day – so piracy really harmed sales huh?

    http://www.p2pnet.net/story/21207

  • smell my cheese

    i filled that form in with ‘ steal this film’ better than all that hollywood crap!!

  • Elite P2P

    LOL! This is so ironic. A hacker made them become promoters of the very thing that they are trying to abolish.

  • d2lv

    Money Is Truly the one thing on this planet that really does Talk.

  • Guest

    @5

    That’s funny

  • Anon

    Can’t really do much

  • LMFAOOOOOOO!!!!!!!

    EPIC!

  • LMFAOOOOOOO!!!!!!!

    I just had a thought … wouldn’t it be funny if that douche “Reasoned Mind” was the one really behind this? Hahaha… <3

  • Dazzer

    Unfortunately this will now be counted as a Malicious Attack on MPAA, and they’ll now just have more “evidence” to give to the judge.

  • Anonymous

    lol where is reasoned mind in all of this

  • Boolean

    quick sue them somebody!

  • ZarathustrA

    Dazzer, nobody is as stupid as you’re pretending to be. Just stop. :)

  • RobbingHood

    Fail for the MPAA again!

    What use have I for their site?

    Anti-Piracy? That’s for TF’s for.

    Age ratings? Sorry, but parents should be there for that.

    Research/Stats? I’ll just look at IMDB/’teh internets’ for that thank you.

    Issues? None of any interest at all, apart from the issue that they are a bunch of leeching corporate scumbags.

    About us?!! Can’t some nice h4ck3r’s please plaster something appropriate up there?

    So, having TPB search on there…WIN.

  • lol

    MPAA <3 TPB

  • c0rr0sive

    Watched the new Xmen movie… Once it hits bluray, I will be downloading… Paid $14 for the ticket… That is the cost of a dvd so.

  • Neo

    Hahaha. Oh man, this is going on my Facebook.

  • George

    Did anyone else notice the torrents that are listed?

    BSDM

  • Terminator

    Reasoned Mind will have a lot of trouble reasoning with his mind whether they should sue themselves or not. LOL! . The Pirate bay should sue them for illegally posting links to their torrents without proper approval.

  • BritSwedeGuy

    Now the MPAA has to sue itself and cause the universe to disappear.

  • someone

    lol nice :)

  • netwiz

    imao,that bug still works fine…so anybody want to fix it ?

  • St0fzguier

    haha pwn3d

  • Benjamin the Donkey

    Don’t forget. Anyone who makes money off of prostitutes is a pimp.
    Except the IRS!

  • Anonymous

    great act in response to the anti-piracy group

  • Dem fan

    Shit! It still works:)….

  • h33t

    well done guys

    show them they know nothing about the technology they are messing with

    http://www.h33t.com knows the missing pirate bay millions will be put to good use fighting this war against ugly imperialism on the free internet

  • hiphop

    This is a complete non-issue, it’s something each user can do as an exploit to make a webpage show up as a frame in their site. This article is as stupid as if I saved a page of torrentfreak as a file, replaced an image with porn, and wrote an article about how torrentfreak has porn on the site.

    In the past ernesto used to have great articles, but they have gone completely downhill into mindless drabble.

    From disguising the wyzo 3 advertisement to claiming pirates are the largest paying consumers of music, he writes articles with deceptive topics and topics when there is nothing real happening merely to fill his quota of two articles a day.

    I read torrentfreak for news, not because somebody can make an iframe show up on a website.

  • Anonymous

    Somebody should make their “about us” page goatse.

  • dnA

    No matter how many hacking attempts are made against MPAA & their allies, or exploiting their vulnerabilities, they are currently gaining a favourable position from the governments of different countries. So what do we see ourselves in future.
    1.Any activity(legitimate/illegitimate) done using P2P will be called a “criminal activity”. See its already started.(ref. BBC documentary: some days back).
    2.ISP’s will be forced to reveal any personal information and innocent people will be harassed because these guys always have low technical know-how.

  • Internet

    It saddens me to see the Pirate Bay go down. But really MPAA? You can’t control what goes around on the internet… If you outlaw torrents then something better is going to come around and it’s going to be TWICE as hard to make that illegal. Everything on the net should be free because no one really owns the internet.. Oh yeah, your sales are down, my ass… I can only hope this gets better..

  • Vektor

    @41: XSS is their failure to escape user input, not a hacking attempt.
    @37: This is a bug in their website, not some edited page that is loaded in a browser. They are easy to be found by anyone and it doesn’t take more than a few seconds to correct them. Do you prefer to be warned about them here or… would you like to install some new browser plugin / codec to see their website ?
    @16, @9: The screenshot is funny but the bug behind it is presented as a warning. MPAA is not affected by this as much as normal users can be. Someone with bad intents can use it to do some evil things like to send fake legal threats or takedown requests that ask you to download infected “legal documents” linked directly from mpaa.org .
    Normally we send an e-mail or make a support ticket to warn about these errors and wait until they get fixed before making them public. In this case we haven’t seen any e-mail address on their website or the name of the person or company who designed it. Hiding that information ( http://torrentfreak.com/mpaa-we-were-only-testing-forest-blog/ ) is not the right thing to do especially when problems like this are found.

  • Hacker/pirates of the world UNITE

    WHY WOULD YOU TELL THEM

  • The Laugher

    Tee hee hee!

  • Vektor

    @44: No matter how hated they are, this bug can be used against anyone. It’s very easy to use something like this to infect others with trojans (“Click here to install MPAA Genuine Advantage Tool”) / steal credit card details / bypass content filters / send fake takedown requests for legal content / etc.
    After all, their website is “safe” in all content filters and firewalls and it isn’t blacklisted for spam / malware / etc. Pages from TPB were marked “unsafe” and blocked for less ( http://torrentfreak.com/the-pirate-bay-user-pages-blocked-by-google-090315/ ).

  • rockyz

    sue the MPAA!

  • demonseth17

    hahaha…I hope this made them suffer a little bit…damn alligators, they think they will put in jail the pirate bay admins just like that? haha…damn I should have known I would have help! XD

  • demonseth17

    hahaha…I hope this made them suffer a little bit…damn alligators, they think they will put in jail the pirate bay admins just like that? haha…damn I should have known I would have help! XD BTW MPAA sucks!

  • demonseth17

    I double post X( sorry I just tried to add something before it was sent…my mistake XD

  • Reasoned Mind

    That’s pretty funny. Great job to the hacker

  • any682546

    very good!

  • Reverend Raging Rabbit

    What Happen?
    They Set Us Up The Bomb!

    Yeah, that’s quite nice. :-)

  • haha

    Added MPAA site to my Torrent-Bookmarks folder. :D

  • $hadow

    This is getting funny each time it passes :>

  • trancefreak

    Mpaa – THE BEST TRACKER IN THE WORLD!

  • herbert

    Yes, that is my real email address! Tonight, I had the “fortune” to meet a real believer of the mainstream press. The problem: I have known this man half my life… Tonight, I realized that people who think for themselves are no longer accepted in this society. This is no chatter of someone with too much time on his hands – no, this is an outcry to people who have the ability to follow a movement that will bring this system down to its knees. I don’t want to hear them grey mice complaining – I want people who want this land, rotten with corruption, to burn. This text is no joke, no scam – this is the last opportunity to fight for freedom! Thanks.

    I am sorry for my bad english – please, correct that text and copy it. Thank you!

  • AHappyPirate

    Listen ThePirateBay.org Ownz you and that is all you need to know
