[Fixed] ABP $rewrite filter can be exploited to run malicious code

LanikSJ
Site Owner
Posts: 1617
Joined: Thu Feb 15, 2007 7:44 am
Location: /dev/null

Post by LanikSJ » Tue Apr 16, 2019 4:48 am

https://www.bleepingcomputer.com/news/s ... ious-code/

I'll file this under sensationalism for the sake of page views. Let's hope I'm not wrong about that. Adding filters to any list to serve malware is even worse than the ads you're trying to avoid in the first place. :evil:
"If it ain't broke don't fix it."

okiehsch
uBlock Origin Author
Posts: 87
Joined: Wed Oct 12, 2016 9:00 pm

Post by okiehsch » Tue Apr 16, 2019 6:45 am

A filter list maintainer has blocked sites for political reasons in the past, so blindly trusting people you don't know is never a good idea.
https://github.com/uBlockOrigin/uBlock- ... issues/285

intense
Contributor
Posts: 8900
Joined: Wed Mar 27, 2013 9:56 am

Post by intense » Tue Apr 16, 2019 6:49 am


intense
Contributor
Posts: 8900
Joined: Wed Mar 27, 2013 9:56 am

Post by intense » Tue Apr 16, 2019 9:05 am


smed79
Liste AR Author
Posts: 15263
Joined: Sun Jan 17, 2010 4:00 am
Location: EasyList Forum

Post by smed79 » Tue Apr 16, 2019 10:33 am

•► Before posting, to find your answer fast, read Forum « RULES » and use « Search »
••► Don't post clickable links » use inline text bbcode notation « [ C ] » or « [ code ] »
•••► Use vgy.me, imgur.com or imgbb.com to upload your screenshots

smed79
Liste AR Author
Posts: 15263
Joined: Sun Jan 17, 2010 4:00 am
Location: EasyList Forum

Post by smed79 » Wed Apr 24, 2019 1:20 am

The $rewrite Adblock Plus filter option now works for internal redirects ONLY:

https://adblockplus.org/blog/vulnerability-fixed
https://adblockplus.org/releases/adbloc ... a-released