A blog post and video surfaced today showing how an attacker could quickly and easily gain administrative privileges on your Google-owned Blogger account.
The hacker, Nir Goldshlager, an Avnet information security specialist, posted the vulnerability for the world to see. Goldshlager did mention that this was for the Google Reward Program, where someone who successfully finds and exploits vulnerabilities in Google software will win $1337.
In the seven-minute video, Goldshlager shows how he successfully gained access to a Blogger account by adding himself as an author (without the administrator's approval) and then sending himself a confirmation email, after which the attacker becomes an author on the website. Following these steps, the attacker successfully modifies their permissions to become an administrator, allowing full access to add, edit, and delete all the content on the victim's blog.

About the Author: DG