Stored XSS in Google Ads Android Application— $3133.70

Introduction

This article is a write up on how I found a Stored XSS in Google Ads Android Application where I was rewarded with $3133.70 I was waiting for the fix and after discussing with Google Security Team I am disclosing my finding.

Currently I am ranked in Top 200 at Google Hacker’s Ranking ,

--

--

--

Information Security Analyst at Persistent Systems | Synack Red Team Member | CEH v10 | CEH Master | Bug Bounty Hunter

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Dynamic Programming — Minimum Cost to Reach the End

KuApe Finance AIRDROP, legit project, reward of 33 dollors for joining, you have to give kcc…

When should use @classmethod in python

Farming Update

3 strategies for effective debugging 🐞

Starting Web Developing from the Scratch

How should we use data integration frameworks to break the dilemma of full lifecycle implementation…

The Start of My Final Project Journey

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ashish Dhone

Ashish Dhone

Information Security Analyst at Persistent Systems | Synack Red Team Member | CEH v10 | CEH Master | Bug Bounty Hunter

More from Medium

The Tale of a Click leading to RCE

Mobile Security Framework (MobSF) Setup — Kali Linux and Windows

Proof of concept: zero-day- log4j RCE

Log4Shell — Simple Techincal Explanation of the Exploit