Expandable ads can be entry points for site hacks

[silversurfer]

Researcher finds XSS vulnerabilities in iframe busters, scripts that power expandable ads that grow and cover a large area of the page.

Ads that expand on a web page to show a larger banner or video containers can be abused as entry points for other hacks, according to new research published this week by Randy Westergren, a Delaware-based security researcher.

Westergren detailed four examples on his blog, showing how an attacker could run malicious code on any site that uses iframe busters from ad networks like Adform, Eyeblaster (Add in Eye), Adtech, and Jivox.

Source: https://www.zdnet.com/article/expandable...ite-hacks/