A vulnerability in Google AdSense: Automatic extraction of links to ads

Abstract

On the basis of the XSS (Cross Site Scripting) and Web Crawler techniques it is possible to go through the barriers of the Google Adsense advertising system by obtaining the validated links of the ads published on a website. Such method involves obtaining the source code built for the Google java applet for publishing and handling ads and for the final link retrieval. Once the links of the ads have been obtained, you can use the user sessions visiting other websites to load such links, in the background, by a simple re-direction, through a hidden iframe, so that the IP addresses clicking are different in each case.