
(The Stack)   Google fights back against the hacking method that ad networks made popular. Unfortunately the ad networks will need to give a damn in order for it to work   (thestack.com)
    More: Dumbass, Cross-site scripting, HTTP cookie, JavaScript, toothless CSP, CSP policies, CSP protections, security attack vectors, online tools  

1768 clicks; posted to Fandom on 27 Sep 2016 at 7:40 PM (4 years ago)



 
2016-09-27 6:31:30 PM  
Does this mean we'll be able to post images without Fark's cross-site scripting getting blocked?
 
2016-09-27 7:59:56 PM  
NoScript, Adblock and Ghostery are working great.
 
2016-09-27 9:45:33 PM  
Well that was unsurprisingly free of useful information.

Google doesn't give a damn because they're getting paid no matter what.  If Google actually wanted to change anything, they would do it in about two days.
 
2016-09-27 9:56:25 PM  
Huh, that had some fine reporting.  All this time I thought bad parameters were used to exploit SQL injection, but according to the article, it is XSS.

I guess I'm just going to quit pentesting now and open a cheese shop.
 
2016-09-28 6:29:11 AM  

fang06554: Huh, that had some fine reporting.  All this time I thought bad parameters were used to exploit SQL injection, but according to the article, it is XSS.

I guess I'm just going to quit pentesting now and open a cheese shop.


I'm not sure how XSS can be used for SQL injection?  SQL injection is explicitly sending along requests via HTTP query strings and/or form posts with special characters.
 
2016-09-28 7:36:06 AM  

downstairs: fang06554: Huh, that had some fine reporting.  All this time I thought bad parameters were used to exploit SQL injection, but according to the article, it is XSS.

I guess I'm just going to quit pentesting now and open a cheese shop.

I'm not sure how XSS can be used for SQL injection?  SQL injection is explicitly sending along requests via HTTP query strings and/or form posts with special characters.


Yeah I was being sarcastic.  The only possible use I can think of for SQLi with XSS is if the injection point is behind an admin interface, but that is a highly unlikely attack.

The whole article is full of derp disguised as tech writing.  XSS has nothing to do with ad networks.  While plenty of those pump out malicious JavaScript, they execute in the context of the ad network, not in the context of the main site.  Ad site super cookies have nothing to do with stealing session cookies.
 