Access Blogger Account by Hack Blogger Vulnerability

A hacker named Nir Goldshlager has posted information and a video showing how an attacker could quickly and easily gain administrative privileges to any Blogger account. The video shows off some complex tricks and techniques. Goldshlager did mention that this was for the Google Reward Program, where someone who successfully finds and exploits vulnerabilities in Google software will win $1337.
The seven-minute video by Goldshlager shows how he successfully gained access to a Blogger account by adding himself as an author (without the administrator's approval) and then sending himself a confirmation email, after which the attacker would become an author on the website. Following these steps, the attacker successfully modifies their permissions to become an administrator, allowing full access to add, edit, and delete all the content on the victim's blog.

The blog doesn't mention if this vulnerability has been patched by Google or if Google is still unaware of the problem, as the exploit was only posted today.
