An exploit has been discovered that could allow ad blocking filter maintainers for the Adblock Plus, AdBlock, and uBlocker ad blockers to create rules that inject remote scripts into web sites.
With a user base of over 10 million users, injecting malicious scripts would have a huge impact as the scripts would be able to perform a variety of malicious functions such as stealing cookies, login credentials, causing page redirects, or other unwanted behavior.
This is possible through the $rewrite filter option that was added to Adblock Plus 3.2 in 2018 and then subsequently added to the AdBlock and uBlock extensions.
The $rewrite rule allows you to replace a web request that matches a particular regular expression with another URL. The only caveat is that the replacement string must be a relative URL, which means it does not contain a hostname, and when rewritten must be in the same origin domain as the original request.
More information
Adblock Plus Filters Can Be Exploited to Run Malicious Code
www.bleepingcomputer.com
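
The $rewrite constraint described above (relative replacement, same origin after rewriting), as an added example that is not part of the original post or any extension's code. The function names, the simplified option parsing and the sample filter lines are assumptions constructed for illustration.

```javascript
// Added illustration, not Adblock Plus code; function names are hypothetical.

// Enforce the constraint described above: the replacement must carry no
// scheme or hostname, and the rewritten URL must stay on the request's origin.
function applyRewrite(requestUrl, replacement) {
  const original = new URL(requestUrl);
  // An explicit scheme ("https:", "data:", ...) means it is not a relative URL.
  if (/^\s*[a-z][a-z0-9+.-]*:/i.test(replacement)) return null;
  let rewritten;
  try {
    rewritten = new URL(replacement, original);
  } catch (e) {
    return null;
  }
  // Compare origins after resolution, so forms the URL parser treats as
  // host-bearing ("//host/x", "/\host/x") are rejected as well.
  return rewritten.origin === original.origin ? rewritten.href : null;
}

// Audit helper: list every filter in a filter list that uses $rewrite so a
// reviewer can inspect it. Simplified parsing: skips "!" comment lines and
// takes the option value up to the next comma.
function findRewriteFilters(listText) {
  const hits = [];
  listText.split(/\r?\n/).forEach((line, i) => {
    if (line.startsWith("!")) return;
    const m = /[$,]rewrite=([^,]*)/.exec(line);
    if (m) hits.push({ lineNumber: i + 1, filter: line, replacement: m[1] });
  });
  return hits;
}

// Constructed sample list (example.com is a placeholder domain).
const SAMPLE_LIST = [
  "! constructed sample filter list",
  "||example.com/banner.js$script",
  "||example.com/ads/loader.js$rewrite=/static/empty.js",
].join("\n");

console.log(findRewriteFilters(SAMPLE_LIST));
console.log(applyRewrite("https://example.com/ads/loader.js", "/static/empty.js"));
console.log(applyRewrite("https://example.com/ads/loader.js", "//other.example/x.js"));
```

Running `findRewriteFilters` over a subscribed list gives a short set of filters to review by hand, since any filter using $rewrite changes what a page loads rather than only blocking it.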