Expanding Website Ads Pose Hacking Risks, Security Researcher Says
0 comments
Security researcher Randy Westergren said this week that expanding web page ads used for displaying large banners or videos can be used as an entry point by hackers to compromise a website.
He said that iframe busters are vulnerable to cross-site requests (XSS) which can allow attackers to run a malicious JavaScript code on the target site. Attackers able to gain this kind of access will theoretically be able to steal user data or more from the site.
While Google has already removed the iframe buster scripts that they had been providing, but many websites still using such scripts downloaded from other sources are still vulnerable.
Source: ZDNet