
Critical CSRF flaw in Blogger that allows writing posts on any blog [Fixed]

Blogger is the most famous blogging platform, and almost all bloggers start blogging on it. But an Egyptian security expert has found the most critical vulnerability in Blogger.com!
Egyptian security expert Mazen Gamal Mesbah found a Cross-Site Request Forgery (CSRF) flaw in the publishing of new articles on any blog powered by Blogger. All Blogger blogs were vulnerable to this critical CSRF flaw.


By exploiting this critical CSRF flaw in Blogger, an attacker could publish any type of content on any blog that runs on the Blogger platform.
The only thing needed to publish content on a blog was its blog ID, and it is very easy to get the blog ID of any blog.
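The class of bug described above, next to its fix, as an added example that is not Blogger's code: a hypothetical publish handler that accepts any request carrying a valid session and a blog ID, beside one that also requires a session-bound token and a matching Origin. All function names, the origin, the session and the blog ID are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)           # per-deployment secret (assumption)
TRUSTED_ORIGIN = "https://blog-admin.example"  # constructed origin of the real editor

def issue_csrf_token(session_id: str) -> str:
    """Token = HMAC(server key, session id); the server embeds it in its own form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def publish_vulnerable(session, form):
    """Trusts the ambient session cookie alone; the blog ID is the only input."""
    if session and form.get("blog_id") in session["blogs"]:
        return "published"
    return "rejected"

def publish_hardened(session, form, headers):
    """Same action, but the request must prove it came from the site's own form."""
    if not session or form.get("blog_id") not in session["blogs"]:
        return "rejected"
    if headers.get("Origin") != TRUSTED_ORIGIN:
        return "rejected"  # request was initiated from another site
    expected = issue_csrf_token(session["id"]).encode()
    supplied = str(form.get("csrf_token", "")).encode()
    if not hmac.compare_digest(expected, supplied):  # constant-time comparison
        return "rejected"
    return "published"

# Constructed sample data: a logged-in user and a cross-site form submission.
SESSION = {"id": "s-1234", "blogs": {"1000000001"}}
FORGED_FORM = {"blog_id": "1000000001", "title": "x", "body": "y"}
FORGED_HEADERS = {"Origin": "https://other-site.example"}
LEGIT_FORM = dict(FORGED_FORM, csrf_token=issue_csrf_token(SESSION["id"]))
LEGIT_HEADERS = {"Origin": TRUSTED_ORIGIN}

if __name__ == "__main__":
    print("vulnerable, forged:", publish_vulnerable(SESSION, FORGED_FORM))
    print("hardened, forged:  ", publish_hardened(SESSION, FORGED_FORM, FORGED_HEADERS))
    print("hardened, genuine: ", publish_hardened(SESSION, LEGIT_FORM, LEGIT_HEADERS))
```

The forged request succeeds against the first handler because the browser attaches the session cookie automatically; the second handler rejects it because a page on another origin cannot read the token or set the Origin header.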

Video Proof of concept of this Critical Blogger Vulnerability

Blogger is owned by Google, and Google has a Bug Bounty Program through which information security researchers can submit vulnerabilities and get rewarded.

Timeline Of Vulnerability Reported to Google.

2/9/2014 – Vulnerability was found by the information security researcher
2/9/2014 – Got positive response from Google Security team.
3/9/2014 – Critical CSRF on Blogger fixed by the Google Security Team
4/9/2014 – Security Researcher Received $3133.7 reward from Google.