Just a couple of days ago we reported that the MPAA’s website was vulnerable to an XSS attack, which left it displaying torrents from The Pirate Bay. This time a flaw has been discovered in the RIAA’s site, which now allows it to display TorrentFreak’s latest articles.
Cross-site scripting (XSS) is a kind of security vulnerability typically found in web applications, which allows code to be injected into the web pages they serve. The ‘cross-site’ element refers to how content from another site can be loaded into the page, in a frame for example, giving the appearance that the data all originates from the target site.
Last year we reported that the RIAA’s website had suffered an XSS attack and just a couple of days ago we revealed how the MPAA site was vulnerable to an XSS attack too, one which left it embarrassingly displaying torrents from The Pirate Bay.
Now it is the RIAA’s turn (again) to suffer the same fate. Vektor, who also discovered the MPAA site exploit, told TorrentFreak that he had managed to find a security hole in RIAA.com too. He demonstrated this by using an iframe, an HTML element which makes it possible to embed one HTML document inside another, to display TorrentFreak inside the RIAA’s page.
RIAA.com featuring TorrentFreak
As with the MPAA site exploit, Vektor explains that his work on the RIAA site is a proof of concept and should be taken as a joke.
We’re sure the RIAA and MPAA coders will be laughing heartily as they try to plug these holes.