
Blogger Vulnerability Allows Attacker to Gain Admin Privileges

Jaimin is the Co-Founder of Technolicious, where he is currently the Editor, User Interface Analyst and Search Engine Optimizer. He is a student of Computer Applications and blogs about anything related to software and web applications that he finds worth sharing.

A blog post and video surfaced today showing how an attacker could quickly and easily gain administrative privileges to your Blogger account. The video shows some complex techniques, but they could easily be duplicated.

The hacker who posted it, Nir Goldshlager, an Avnet information security specialist, published his vulnerability for the world to see. Goldshlager did mention that this was for the Google Vulnerability Reward Program, where someone who successfully finds and exploits vulnerabilities in Google software will win $1337.

The seven-minute video Goldshlager posted shows how he successfully gained access to a Blogger account by adding himself as an author (without the administrator's approval) and then sending himself a confirmation email, after which the attacker becomes an author on the website. Following these steps, the attacker modifies their own permissions to become an administrator, gaining full access to add, edit, and delete all the content of the victim's blog.

The blog post doesn't mention whether this vulnerability has been patched by Google or whether Google is still unaware of the problem.

Other posts by Jaimin Rajani: