Security & Code Blog

Security and code discussion, with dissections of recent vulnerabilities discovered as part of vendor bug bounty programmes. Don't forget to participate with comments and feedback!

Admob creative image cross-site scripting vulnerability


Google's vulnerability reward programme gets a lot of attention, and includes not just Google's main websites, but also those of acquisitions older than 6 months. With this in mind, I thought I'd venture off the beaten path and take a look at Admob, one of the world's largest mobile advertising platforms according to Wikipedia.

Admob was acquired by Google for $750 million in November 2009, putting it well beyond the 6 months Google ask to patch up new arrivals, but also giving plenty of time for vulnerabilities to be found and fixed. At first glance things looked fairly good for Admob, but there was a nice little stored XSS waiting a little way under the surface.

Showing posts from Friday, 19th July 2013.