Security29.09.2015

Google AdSense vulnerability revealed

By Staff Writer

A new paper from Complutense University called “A vulnerability in Google AdSense: Automatic extraction of links to ads” highlights a weakness in the system which makes click fraud possible.

The paper shows how an attacker can circumvent the security barriers of Google Adsense and create a system to automate ad clicking.

“On the basis of the XSS (Cross Site Scripting) and Web Crawler techniques, it is possible to go through the barriers of the Google Adsense advertising system by obtaining the validated links of the ads published on a website,” the paper states.

“Such method involves obtaining the source code built for the Google Java applet for publishing and handling ads and for the final link retrieval.”

“Once the links of the ads have been obtained, you can use the user sessions visiting other websites to load such links, in the background, by a simple re-direction, through a hidden iframe, so that the IP addresses clicking are different in each case.”

The full paper and code used in the research is available here: A vulnerability in Google AdSense: Automatic extraction of links to ads

More on Google

Google Project Aura to replace Google Glass

Four problems Google should tackle

Google OnHub – a different kind of Wi-Fi router

Don't miss the latest news

Show comments

Forum discussion

Latest news

Discovery sends message to South African businesses that want to cut electricity costs

End of a painful era for Telkom

MTN switching off 3G in parts of South Africa

OUTsurance celebrates best overturn ratio in the industry – what it means for you

Two Chinese car makers send a warning to Chery and GWM in South Africa

Major South African fibre network on hiring spree

Apex Interactive strengthens partnership with Turtle Beach to accelerate South African market growth

Makro and Pick n Pay want people’s old batteries and broken gadgets

Tesla is no longer Elon Musk’s most valuable company

More news

South Africa officially withdraws draft AI policy with fake AI sources

Smarter cars are making drivers dumber in South Africa

Anthropic disables powerful AI tool days after release

Avoid high licensing fees by building your own software

Vodacom lifts lid on R12.6-billion fibre deal

Elon Musk becomes the world’s first trillionaire

Fact checking the AIs: Is Afrihost really South Africa’s best ISP?

Facebook hit by outage

DStv breaks its live streaming record in South Africa

Trending news

South Africa’s lights could be switched off from anywhere in the world — Cybersecurity company

Warning to South Africans who want to bet on FIFA World Cup games

Last-minute upgrade caused South African streaming platform to crash before Bafana Bafana’s first World Cup match

The strategy that helped a top South African ISP dominate the market

Eight South African high school students heading to NASA space design competition

Best news from the South African Post Office in 13 years

From cloud spender to cloud investor: a FinOps playbook for Azure

Volkswagen making a huge mistake in South Africa

DStv’s greatest weapon in South Africa

Industry News

South Africa’s digital future starts with school IT infrastructure

Top Paid Marketing Agency in South Africa according to verified reviews

How to Hire the Best AI Software Developers Through Engineering Orchestration

South Africa Has a Spam Call Crisis – And Your Family Is On The Front Line

Crypto, Culture & Connection: Binance Leaders’ First Impressions of South Africa

Poll