Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos
"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"
XSS via clickTAG

Popularity: 6
Simplicity: 9
Impact: 8
Risk Rating: 8

The flaw just mentioned may seem obvious, uncommon, and/or easily avoidable. This is far from true. Flash has a special variable called clickTAG, which is designed for Flash-based advertisements and helps advertisers track where advertisements are displayed. Most ad networks require advertisements to add the clickTAG URL parameter and execute getURL(clickTAG) in their advertisements! A typical ad banner's embed or object HTML tag looks like this:
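Added example (not from the book, and not the embed markup referred to above): a check an ad network or publisher could run on the SWF URL taken from an embed or object tag, accepting clickTAG only when it is an absolute http or https URL, because getURL(clickTAG) passes whatever URL it receives to the browser. The function name, the allow-list policy, the host names and the sample URLs are assumptions made for illustration.

```javascript
// Added example: audit the clickTAG carried in a SWF URL before the ad is served.
// Only absolute http/https targets are accepted (an assumed policy for this sketch).
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

function auditClickTag(swfUrl) {
  let params;
  try {
    params = new URL(swfUrl).searchParams; // percent-decodes names and values
  } catch {
    return { ok: false, reason: "unparseable SWF URL" };
  }

  // Assumption: match the name case-insensitively so clickTAG, clickTag and
  // clicktag are all audited.
  const values = [];
  for (const [name, value] of params) {
    if (name.toLowerCase() === "clicktag") values.push(value);
  }
  if (values.length === 0) return { ok: false, reason: "no clickTAG parameter" };
  if (values.length > 1) return { ok: false, reason: "duplicate clickTAG parameters" };

  const raw = values[0];
  // This parser and the Flash player may treat whitespace and control
  // characters differently, so refuse them instead of normalising.
  if (/[\u0000-\u0020\u007f]/.test(raw)) {
    return { ok: false, reason: "whitespace or control character in clickTAG" };
  }

  let target;
  try {
    target = new URL(raw); // throws on relative or scheme-less values
  } catch {
    return { ok: false, reason: "clickTAG is not an absolute URL" };
  }
  if (!ALLOWED_SCHEMES.has(target.protocol)) {
    return { ok: false, reason: `scheme ${target.protocol} not allowed` };
  }
  return { ok: true, target: target.href };
}

// Constructed sample URLs (not taken from the book).
const SAMPLES = [
  "https://ads.example/banner.swf?clickTAG=https%3A%2F%2Fadvertiser.example%2Flanding",
  "https://ads.example/banner.swf?clickTag=javascript%3Avoid(0)",
  "https://ads.example/banner.swf?clickTAG=%2Flanding",
];
for (const s of SAMPLES) console.log(JSON.stringify(auditClickTag(s)), s);
```

The same allow-list belongs inside the advertisement as well, applied to clickTAG before the getURL call, since the SWF can be loaded from a URL that never passed through this check.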