Blogger Vulnerability Exposed, Allows Attacker to Gain Admin Rights

A blog post and video surfaced today showing how an attacker could quickly and easily gain administrative privileges to your Google-owned Blogger account.

The hacker, Nir Goldshlager, an Avnet information security specialist, posted his vulnerability for the world to see. Goldshlager did mention that this was for the Google Reward Program, where someone who successfully finds and exploits vulnerabilities in Google software will win $1337.

In the seven-minute video, Goldshlager shows how he successfully gained access to a Blogger account: he adds himself as an author (without the administrator's approval) and sends himself a confirmation email, after which the attacker becomes an author on the website. Following these steps, the attacker successfully modifies their permissions to become an administrator, allowing full access to add, edit, and delete all the content on the victim's blog.
