InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

[Resolved] ClearClick false positive on simfy.de

https://forums.informaction.com/viewtopic.php?t=8341

Page 1 of 1

[Resolved] ClearClick false positive on simfy.de

Posted: Wed Mar 14, 2012 8:38 pm
by MuScript
http://www.simfy.de is a website where you can listen to music which is played via Adobe Flash. To reproduce this issue, you need to be registered, sorry (but it's free). On this website, there are buttons like "play/pause", "next title", a progress bar with which you can seek to a specific position of the song etc. Since I updated NoScript to version 2.3.4, there is a pop-up window by NoScript, which appears when I click at one of those buttons. It says, that I possibly get clickjacked, which is obviously not the case.

Maybe this false positive could be fixed for the next version. Thanks :)

Re: ClearClick false positive on simfy.de

Posted: Wed Mar 14, 2012 9:49 pm
by Giorgio Maone
Could you please use the "Report" button and give me the report ID you get assigned? Thanks.

Re: ClearClick false positive on simfy.de

Posted: Thu Mar 15, 2012 6:48 pm
by MuScript
Sure :)

Report-ID: 311980

Re: ClearClick false positive on simfy.de

Posted: Fri Mar 16, 2012 12:54 am
by Giorgio Maone
Unfortunately I cannot test because it says I'm in a non-supported country (Italy) and I don't have a German proxy at hand (I suppose it's what I would need).

However I made a blind attempt: could you check latest development build 2.3.5rc4 and tell me if it works around your problem?

Re: ClearClick false positive on simfy.de

Posted: Fri Mar 16, 2012 6:27 pm
by therube
I did get the ClearClick warning with 2.3.5rc3 (I believe it was).
Not see any ClearClick warning with 2.3.5rc5.

Though:

Code: Select all

[NoScript InjectionChecker] JavaScript Injection in ///if?enc=tksbDkuD5j-2SxsOS4PmPwAAAIDrUQBAtksbDkuD5j-2SxsOS4PmP7Yu2PmXWH4e2nmwBLXjtnMxg2NPAAAAAOQiCwB0AwAAdAMAAAIAAAAfJhcABzYCAAAAAABVU0QARVVSAKAAWAJvQwAAfQsAAgQCAQUAAIIAFyCOYwAAAAA.&udj=uf('a', 41156, 1331921713);uf('r', 1517087, 1331921713);&cnd=!WSUzIgjCghEQn8xcGAAgh-wIMAM474YFQARI9AZQ5MUsWABgmgFoAHAAeACAAQCIAQCQAQGYAQGgAQqoAQCwAQC5AZrnvFqlGOE_wQGa57xapRjhP8kBiZgngPo_8T_ZAQWjkjoBTeg_4AEA&ccd=!7ASFJwjCghEQn8xcGIfsCCAE&vpid=156&referrer=http://www.simfyads.de/displayads/website/rotation_misc_ajax_160x600.html&media_subtypes=1&dlo=1
(function anonymous() {uf("a", 41156, 1331921713);uf("r", 1517087, 1331921713);DUMMY_EXPR;})

Code: Select all

[NoScript XSS] Sanitized suspicious request. Original URL [http://ib.adnxs.com/if?enc=tksbDkuD5j-2SxsOS4PmPwAAAIDrUQBAtksbDkuD5j-2SxsOS4PmP7Yu2PmXWH4e2nmwBLXjtnMxg2NPAAAAAOQiCwB0AwAAdAMAAAIAAAAfJhcABzYCAAAAAABVU0QARVVSAKAAWAJvQwAAfQsAAgQCAQUAAIIAFyCOYwAAAAA.&udj=uf%28%27a%27%2C+41156%2C+1331921713%29%3Buf%28%27r%27%2C+1517087%2C+1331921713%29%3B&cnd=!WSUzIgjCghEQn8xcGAAgh-wIMAM474YFQARI9AZQ5MUsWABgmgFoAHAAeACAAQCIAQCQAQGYAQGgAQqoAQCwAQC5AZrnvFqlGOE_wQGa57xapRjhP8kBiZgngPo_8T_ZAQWjkjoBTeg_4AEA&ccd=!7ASFJwjCghEQn8xcGIfsCCAE&vpid=156&referrer=http://www.simfyads.de/displayads/website/rotation_misc_ajax_160x600.html&media_subtypes=1&dlo=1] requested from [http://www.simfyads.de/displayads/website/rotation_misc_ajax_160x600.html]. Sanitized URL: [http://ib.adnxs.com/if?enc=tksbDkuD5j-2SxsOS4PmPwAAAIDrUQ20tksbDkuD5j-2SxsOS4PmP7Yu2PmXWH4e2nmwBLXjtnMxg2NPAAAAAOQiCwB0AwAAdAMAAAIAAAAfJhcABzYCAAAAAABVU0QARVVSAKAAWAJvQwAAfQsAAgQ20QUAAIIAFyCOYwAAAAA.&udj=uf%20%20a%20%2C+41156%2C+1331921713%20%3Buf%20%20r%20%2C+1517087%2C+1331921713%20%3B&cnd=!WSUzIgjCghEQn8xcGAAgh-wIMAM474YFQARI9AZQ5MUsWABgmgFoAHAAeACAAQCIAQCQAQGYAQGgAQqoAQCwAQ20AZrnvFqlGOE_wQGa57xapRjhP8kBiZgngPo_8T_ZAQWjkjoBTeg_4AEA&ccd=!7ASFJwjCghEQn8xcGIfsCCAE&vpid=156&referrer=http://www.simfyads.de/displayads/website/rotation_misc_ajax_160x600.html&media_subtypes=1&dlo=1#11047919853104393856].
Proxy: 81.169.182.101:3128
Login from bugmenot as its a cpa ;-).


Bück dich hoch sounded interesting.
Then some Unheilig played. Not a bad playlist.
But the Kraftclub was pretty bla. And Madonna, for get about it.

Re: ClearClick false positive on simfy.de

Posted: Fri Mar 16, 2012 6:37 pm
by Giorgio Maone
therube wrote: Though:

Code: Select all

[NoScript XSS] Sanitized suspicious request. Original URL [http://ib.adnxs.com/if?enc=tksbDkuD5j-2SxsOS4PmPwAAAIDrUQBAtksbDkuD5j-2SxsOS4PmP7Yu2PmXWH4e2nmwBLXjtnMxg2NPAAAAAOQiCwB0AwAAdAMAAAIAAAAfJhcABzYCAAAAAABVU0QARVVSAKAAWAJvQwAAfQsAAgQCAQUAAIIAFyCOYwAAAAA.&udj=uf%28%27a%27%2C+41156%2C+1331921713%29%3Buf%28%27r%27%2C+1517087%2C+1331921713%29%3B&cnd=!WSUzIgjCghEQn8xcGAAgh-wIMAM474YFQARI9AZQ5MUsWABgmgFoAHAAeACAAQCIAQCQAQGYAQGgAQqoAQCwAQC5AZrnvFqlGOE_wQGa57xapRjhP8kBiZgngPo_8T_ZAQWjkjoBTeg_4AEA&ccd=!7ASFJwjCghEQn8xcGIfsCCAE&vpid=156&referrer=http://www.simfyads.de/displayads/website/rotation_misc_ajax_160x600.html&media_subtypes=1&dlo=1] requested from [http://www.simfyads.de/displayads/website/rotation_misc_ajax_160x600.html]. Sanitized URL: [http://ib.adnxs.com/if?enc=tksbDkuD5j-2SxsOS4PmPwAAAIDrUQ20tksbDkuD5j-2SxsOS4PmP7Yu2PmXWH4e2nmwBLXjtnMxg2NPAAAAAOQiCwB0AwAAdAMAAAIAAAAfJhcABzYCAAAAAABVU0QARVVSAKAAWAJvQwAAfQsAAgQ20QUAAIIAFyCOYwAAAAA.&udj=uf%20%20a%20%2C+41156%2C+1331921713%20%3Buf%20%20r%20%2C+1517087%2C+1331921713%20%3B&cnd=!WSUzIgjCghEQn8xcGAAgh-wIMAM474YFQARI9AZQ5MUsWABgmgFoAHAAeACAAQCIAQCQAQGYAQGgAQqoAQCwAQ20AZrnvFqlGOE_wQGa57xapRjhP8kBiZgngPo_8T_ZAQWjkjoBTeg_4AEA&ccd=!7ASFJwjCghEQn8xcGIfsCCAE&vpid=156&referrer=http://www.simfyads.de/displayads/website/rotation_misc_ajax_160x600.html&media_subtypes=1&dlo=1#11047919853104393856].
Just "Mark adnxs.com as untrusted".

Re: ClearClick false positive on simfy.de

Posted: Sat Mar 17, 2012 1:10 pm
by MuScript
I downloaded and installed the latest developer release of NoScript (2.3.5rc6). With this version there's no longer a ClearClick warning. Note, however, that I changed into a virtual machine for that experiment (if this could distort the result).
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited