Hackers can use Adblock Plus filters to store malware code

A vulnerability has been found in the popular ad blocker Adblock Plus that allows JavaScript code to be executed.

JS code can be executed when an unverified filter list supplied by attackers is used (for example, when third-party rule sets are connected, or when rules are replaced in a MITM attack).

Authors of filter lists can get their code executed in the context of the websites a user opens by adding lines with the “rewrite” operator, which replaces part of a URL. The rewrite operator does not allow the host in the URL to be replaced, but it does allow the query arguments to be manipulated freely. Substitution for the script, object and subdocument tags is blocked, but text can be used for the replacement.

Nevertheless, code execution can be achieved another way. Some websites, including Google Maps, Gmail and Google Images, use a technique of dynamically loading JavaScript blocks that are transmitted as plain text. Besides hosts that permit redirects, the attack can also be carried out against services that allow user content to be hosted.

The proposed method affects only pages that dynamically load strings of JavaScript code and then execute them. Another important limitation is the need to use a redirect or to place arbitrary data on the origin server that serves the resource.

A fix for the issue is in preparation. Adblock and uBlock are also affected by this problem.

Adblock Plus developers assess the likelihood of real attacks as low, since they review all changes to the standard rule lists and connecting third-party lists is rarely practiced.
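
The same kind of review can be done mechanically on any list before it is connected. The following is an added example, not code from this article or from the Adblock Plus project: it scans a filter list and reports every rule that carries a rewrite option. It assumes the option is written as `rewrite=` in the trailing `$` options section of a rule; `auditFilterList`, `OPTIONS_RE` and the sample list are hypothetical names and constructed data.

```javascript
// Added example: flag filter rules that carry a "rewrite" option.
// SAMPLE_LIST is constructed for illustration; it is not a real filter list.
const SAMPLE_LIST = [
  "[Adblock Plus 2.0]",
  "! Title: constructed sample list",
  "||ads.example.test^$third-party",
  "example.test##.banner",
  "||example.test/api/items$rewrite=/api/items?page=1,xmlhttprequest",
  "@@||example.test/static/$image",
  "/tracker\\.js$/$script,REWRITE=/empty.js",
].join("\n");

// Trailing "$opt1,opt2=value" section of a request filter (assumed syntax).
const OPTIONS_RE = /\$(~?[\w-]+(?:=[^,]*)?(?:,~?[\w-]+(?:=[^,]*)?)*)$/;

function auditFilterList(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const rule = raw.trim();
    // Skip blanks, comments, the list header and element-hiding rules.
    if (!rule || rule[0] === "!" || rule[0] === "[") return;
    if (/#[@?$]?#/.test(rule)) return;
    const m = OPTIONS_RE.exec(rule);
    if (!m) return;
    let rewriteTo = null;
    const otherOptions = [];
    for (const opt of m[1].split(",")) {
      const eq = opt.indexOf("=");
      const key = (eq === -1 ? opt : opt.slice(0, eq)).toLowerCase();
      // Match the option name case-insensitively so no spelling slips through.
      if (key === "rewrite") rewriteTo = eq === -1 ? "" : opt.slice(eq + 1);
      else otherOptions.push(opt.toLowerCase());
    }
    if (rewriteTo !== null) {
      findings.push({ line: i + 1, rule, rewriteTo, otherOptions });
    }
  });
  return findings;
}

for (const f of auditFilterList(SAMPLE_LIST)) {
  console.log(`line ${f.line}: rewrites to "${f.rewriteTo}" in: ${f.rule}`);
}
```

Run it against each list update before deployment; any finding warrants a manual look at what the rule matches and what it rewrites the request to.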

Source: www.adblockplus.org/blog

Polina Lisovskaya

I have been working as a marketing manager for many years now and love searching for interesting topics for you
