Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

DOM XSS through ads - 751

Bemodtwz - HackerOne. Posted 4 Years Ago
  • Ads are dynamically loaded onto a website by some sort of ad network. Since the ads want to understand the website they are loaded on, the URL of the hosting page is added into the ad source.
  • When the domain of the hosting page is added to the ad source, no validation is performed. As a result, XSS can occur. For instance, within pwt.js, the function displayCreative executes to display the ad. It does this by calling document.write directly to write the ad into the page of Urban Dictionary. Since the single quote is not escaped before document.write is called, the string can be broken out of, leading to JavaScript execution.
  • The author claims that this vulnerability affected many different ads on the website. It is fascinating that so many places were vulnerable to the same attack; I wonder if they used the same template or something? Even though Urban Dictionary did not do much wrong, the host of the ad messed it up.
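
The pattern described above, as an added example that is not code from the report or from pwt.js: a page URL concatenated into single-quoted ad markup, next to a version that encodes for both the URL and the HTML attribute context. The function names, the ads.example.test host, the markup shape and the sample URL are all constructed assumptions.

```javascript
// Added illustration. Function names, the ads.example.test host and the
// markup shape are assumptions, not taken from pwt.js or the report.

// Vulnerable pattern: the hosting page's URL is concatenated into a
// single-quoted attribute; the result would then go to document.write().
function buildAdMarkupUnsafe(pageUrl) {
  return "<iframe src='https://ads.example.test/creative?ref=" + pageUrl + "'></iframe>";
}

// Escape every character that can end an attribute value or a tag.
function escapeHtmlAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/'/g, "&#39;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Hardened pattern: encode for the URL context, then for the HTML attribute
// context. encodeURIComponent() alone is not enough: it leaves ' unchanged.
// In a browser, createElement("iframe") plus setAttribute("src", ...) avoids
// building markup strings at all.
function buildAdMarkupSafe(pageUrl) {
  const src = "https://ads.example.test/creative?ref=" + encodeURIComponent(pageUrl);
  return "<iframe src='" + escapeHtmlAttr(src) + "'></iframe>";
}

// Tiny scanner for quoted attributes in the opening tag. Good enough to show
// how the two outputs would be parsed; it is not a full HTML parser.
function attributeNames(markup) {
  const openTag = markup.slice(0, markup.indexOf(">"));
  const names = [];
  const re = /([a-zA-Z-]+)\s*=\s*(?:'[^']*'|"[^"]*")/g;
  let m;
  while ((m = re.exec(openTag)) !== null) names.push(m[1]);
  return names;
}

// Constructed, harmless input: a quote in the URL followed by a marker attribute.
const sampleUrl = "https://example.test/define?term=a' data-injected='1";

console.log(attributeNames(buildAdMarkupUnsafe(sampleUrl)));
console.log(attributeNames(buildAdMarkupSafe(sampleUrl)));
```

The unsafe builder yields a second attribute that the ad code never intended, which is the signal to look for when reviewing any code path that feeds location-derived strings into document.write.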