Google’s DoubleClick advertising platform has been found vulnerable to Open Redirect attacks, according to the report by security researcher Wang Jing on the Tetraph blog.
Open Redirect vulnerabilities are not included in Google’s Bug Bounty program today due to its thorough measures against attacks leveraging this kind of flaw.
“Since the wide usage of Google DoubleClick.net advertising system, it is very easy for attackers to use those vulnerabilities for spam and phishing,” researcher Wang Jing said via email. “During my test, almost all URLs belong to Google DoubleClick.net” have been found vulnerable.
URL Redirect vulnerabilities could be used to lure users to crafted pages for spam and phishing. URLs from Googleads.g.DoubleClick have also been found vulnerable to Open Redirect, which would allow attackers to craft more powerful attacks related to Google Accounts.
The main issue is that these “vulnerabilities can be used to attack other companies such as Google, eBay, The New York Times, e.g. by bypassing their Open Redirect filters(Covert Redirect).”
Wang Jing also proved that third-parties using the DoubleClick platform are affected by the Open Redirect vulnerability. Google, eBay and the New York Times are affected by a Covert Redirect vulnerability based on Googleads.g.doubleclick.net.
Even if redirect vulnerabilities are not as severe as SQL Injection or Cross-Site Scripting (XSS), “it is still a vulnerability thatâ€™s worth attention.”
“We all know the number of Google’s users is so large […] at the same time, large number of companies trust Google’s URLs. So I think it is not good for Google to ignore redirect vulnerabilities,” Wang Jing concluded.
The researcher also published a proof-of-concept video on YouTube in which he demonstrates flawâ€™s existence.