Expandable ads can be entry points for site hacks

Randy Westergren

According to a new study released by Delaware-based security researcher Randy Westergren this week, ads on web pages displaying larger banners and video containers are likely to be used as entry points for other hackers Yes.

The researcher says that it has identified several vulnerabilities of iframe filters. This is the name given to the file that the website hosts on the server to support "extended ads".

Advertising companies offer these devices to site owners who place ads from the ad network portfolio. These scripts are unique to each advertiser, but you can also run ads from the container by running JavaScript code that bypasses the browser's Same-Origin Policy (SOP) security feature. Fixed display of the current page, enlarging the display area.

Also, a miserable CSS code crashes and restarts the iPhone.

According to Westergren, many of these iframe nozzle scripts are vulnerable to cross-site request (XSS) vulnerability, so an attacker can use malicious JavaScript You can execute the code. On this site

The damage caused by these attacks depends on the ability of the attacker to create malicious code, but in general, an attacker who can execute JavaScript code at a remote site may technically steal information on users of this site there is.

Researchers claim that they have identified XSS vulnerabilities in most iframe buster scripts that Google has downloaded so far as part of the iFrame Buster multi-vendor kit provided on the DoubleClick AdExchange documentation site .

Westergren uses an iframe filter on ad networks such as Adform, Eyeblaster (Add in Eye), Adtech, Jivox, etc. to see which site an attacker is likely to execute malicious code in detail in four articles explained.

Also, Technical Support cheat finds the location of the Microsoft TechNet page

The researcher notified Google about the iframe iframe segmentation issue of the iframe buster kit and Google engineers removed these scripts in two weeks this January.

Meanwhile, Google ceased offering the download kit, but some of these iframe buster scripts are still vulnerable if downloaded from other sources.


Hope you like the news Expandable ads can be entry points for site hacks. Stay Tuned For More Updates 🙂

The Compsmag is a participant in the Amazon Services LLC Associates Program, which is an affiliate advertising program designed to offer sites a means to earn advertising costs by advertising and linking to Amazon.com.
Compsmag - Reviews, News And Deals!