/    Sign up×
Community /Pin to ProfileBookmark

javascript & src=

Copy linkTweet thisAlerts:
Jun 12.2005

I recently came across a site that had this code:

<script language=”Javascript” src=”http://www.mt-download.com/mtrslib2.js”></script>

My question is, can this be initiated from a site other than what’s listed in the code?

Could this be run from [url]http://www.domain-of-choice.com?[/url]

It is a security breach in my book, but I’m on the paranoid side anyway. If someone were trying to hack into systems to create a botnet, and they could trick people into clicking on this link, it could download enough code so that they could compromise someone’s system, yes?

Thank you in advance.

to post a comment
JavaScript

1 Comments(s)

Copy linkTweet thisAlerts:
@phpnoviceJun 12.2005 — Yes, the JavaScript source may be downloaded from a site different from which the referencing document came. No, I don't think this is a concern for the savvy individual. Site spoofing (to which I think you're referring) cannot be accomplished by changing from where the JavaScript source is obtained. Site spoofing a link or a webpage means that the initial link or web page is from a site other than that which is apparent merely by viewing the content [U]around[/U] the link or [U]in[/U] the web page. That is where the savvy individual cannot be caught out.

Where sensitive online sites (anywhere you access accounts online) are concerned... Before clicking any link, observe what is displayed in the status bar of your email or browser client window. If the status bar displays nothing, don't click the link. If the status bar doesn't display the site name of which you are intimately familiar, don't click the link. Where email is concerned, you're much better off not clicking [B][I][U]any[/U][/I][/B] link -- period. Better to close the email and manually use your browser to go to the site in questoin. ?
×

Success!

Help @TRaef spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.16,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...