If it was up to the MPAA, every website with links to copyright infringing files would be banned from the Internet. Perhaps they should take a closer look at their own website first though, since it’s vulnerable to an XSS attack, making it possible to browse The Pirate Bay directly from the MPAA website.
It is no secret that the MPAA and other anti-piracy outfits rather spend their money on lawyers than web-designers or coders. Unfortunately for them this sometimes leads to awkward situations. For example, it turns out that the MPAA website is vulnerable to XSS attacks allowing the public to inject images, frames and all sorts of random code into the site.
About a year ago the RIAA website suffered from a similar vulnerability and was wiped clean. The RIAA fixed the problem within a few hours and eventually all the ‘lost’ content was restored, but not before thousands of people had fun with it.
The XSS vulnerability on the MPAA website was found on the about page where visitors can submit their favorite movie. In the screenshot below it says “thank you for taking the time to share your favorite movie,” which is the actual text that people get to see when they fill out the form. The Pirate Bay logo and the links to the latest movie torrents are obviously not supposed to be there.
It is “a proof of concept that demonstrates an XSS attack on mpaa.org website,” writes Vektor who covered the details in a blog post, adding that it should be taken as a joke. No lies there, as it made us smile indeed.