InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

trade doubler XSS

https://forums.informaction.com/viewtopic.php?t=3334

Page 1 of 1

trade doubler XSS

Posted: Fri Dec 11, 2009 10:22 am
by Derek Knight
How can I set up an exception to allow trade doubler with XSS in noscript

I use their contextual ads on my website so they will send keywords etc back

I want to keep XSS enabled for normal surfing etc but dn't want continual alerts on visiting my site

This is what I get on pop up if I select allow
UNSAFELY reloading a suspicious

GET [http://cxt.tradedoubler.com/kwsearch?cs ... l)metaDesc
ription(cd,emulation,software,daemon,tools,alcohol)metaKeywords(php,mysql,bulletin,board,free,open)h
2(welcome,spykiller)h3(this,%3E%3E%3E%3Esee,weeks,special,offers,from,shop%3C%3C%3C%3C,insight)bold(
this,help,malware,removal,donate,daemon,tools,have,software,alcohol,site,before,spykiller,spyware,ge
neral,computer,emulation,topic,would,nothing)body(this,help,with,tools,malware,part,topic,read,remov
al,software,windows,your,search,spykiller,http,from,posting,emulation,daemon,alcohol,driver,these,si
te,track,webgains,html,wglinkid%3D88754%26wgcampaignid%3D22620,%3E%3E%3E%3Esee,weeks,special,offers,
insight,need,register,cleaning,computer,take,general,takes,time,prepare,instructions,before,down,der
ek,quote,rootkit,infections,steps,emulators,which,also,machine,microsoft,file,complete,follow,enter,
terms,submit,form,thespykiller,home,admin,profile,messages,calendar,members,logout,board,language,de
utsch,english,advertise,href%3D,click,target%3D,_blank,%3E%3Cimg,src%3D,link,width%3D,height%3D,alt%
3D,border%3D)a(1262921)size(468x60)format(4,6,7)]

FROM [http://thespykiller.co.uk/index.php/topic,8973.0.html]
this is from console
I and many other website owners rely on teh small amount of commission we get from adverts & is there some way to by default allow trade doubler in the same way as teh XSS exceptions for yahoo & google contextual ads apply ( I expect you will also see this with Bing as well as more MSN/Bing ads start to appear on websites as they gradually roll out the publisher program )

Re: trade doubler XSS

Posted: Fri Dec 11, 2009 4:35 pm
by Giorgio Maone
Try to add the following line to the NoScript Options|Advanced|XSS exceptions box:

Code: Select all

^http://cxt\.tradedoubler\.com/kwsearch\?

Re: trade doubler XSS

Posted: Fri Dec 11, 2009 5:32 pm
by Derek Knight
Thanks that did it
it wouldn't accept the first ? before http
this worked
^http://cxt\.tradedoubler\.com/kwsearch\?

Re: trade doubler XSS

Posted: Fri Dec 11, 2009 6:11 pm
by Giorgio Maone
Derek Knight wrote:it wouldn't accept the first ? before http
Sorry for the typo, fixed.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited