A security expert discovered a critical CSRF vulnerability in Blogger.com that allows an attacker to write posts in any blog hosted on the popular platform.
The Egyptian security expert Mazen Gamal Mesbah (@MazenGamal) has discovered a critical CSRF (Cross-Site Request Forgery) vulnerability in the free weblog publishing tool Blogger.com. The vulnerability could be exploited by an attacker to write posts in any blog hosted on the popular publishing platform Blogger, and the post would be publicly visible to everybody.
Potentially any blog is exposed: an attacker could gain full control over the publishing platform and disseminate content of their choosing, including links to malicious websites used to spread malware or for phishing.
The vulnerability is serious and very easy to exploit against any blog. Below is the video PoC released by the expert.
Below are the steps followed by the researcher to discover the flaw:
I found the vulnerability in the Share Articles button of the blog, as shown in the following picture.
When I noticed this button, I decided to investigate the possible presence of a flaw affecting it.
When I clicked on the Blogger Share button I noticed the CSRF token in the request, then I tried to bypass the authentication mechanism based on it.
I succeeded in the trick.
Once I verified the presence of the flaw, I wrote an exploit file that could be used against any blog just by knowing the Blog ID.
The Blog ID is easy to retrieve; I discovered an easy way to access it.
Once the exploit was complete I tested it against the Blogger platform and verified that it was working.
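The article does not detail how the token check was bypassed, so the following is an added illustration (not the researcher's exploit and not Blogger's code) of the defensive side: how a server-side anti-CSRF check for a state-changing action such as "publish a post" should be written, beside a commonly seen flawed pattern that accepts a request when the token parameter is simply absent. The Session and Request classes, the APP_ORIGIN value and the sample requests are all constructed for this example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Origin of the blogging application; an assumed value for this example.
APP_ORIGIN = "https://blog.example"


# Hypothetical, minimal models of a logged-in session and an incoming HTTP request.
@dataclass
class Session:
    user: str
    # Per-session anti-CSRF token, generated server-side with a CSPRNG.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    headers: dict
    form: dict
    session: Session  # the session the browser's cookie resolves to


def _tokens_match(supplied, expected):
    """Constant-time comparison; encode so non-ASCII input cannot raise."""
    return hmac.compare_digest(supplied.encode("utf-8"), expected.encode("utf-8"))


def _same_origin(url):
    """True only if scheme and host of the given URL equal APP_ORIGIN exactly
    (a prefix match would accept https://blog.example.attacker.example)."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" == APP_ORIGIN


def csrf_check_weak(req):
    """Flawed pattern (assumed for illustration, not a description of the Blogger bug):
    the token is only validated when the parameter is present, so a forged request
    that omits the parameter is accepted."""
    token = req.form.get("csrf_token")
    if token is None:
        return True
    return _tokens_match(token, req.session.csrf_token)


def csrf_check(req):
    """Hardened check: state-changing methods must carry a token equal to the
    session's token, and the Origin (or Referer) header must name our own origin."""
    if req.method.upper() not in ("POST", "PUT", "PATCH", "DELETE"):
        return True
    source = req.headers.get("Origin") or req.headers.get("Referer")
    if not source or not _same_origin(source):
        return False
    token = req.form.get("csrf_token", "")
    return _tokens_match(token, req.session.csrf_token)


def create_post(req, check=csrf_check):
    """Handler for the publish action; returns (HTTP status, message)."""
    if not check(req):
        return 403, "CSRF check failed"
    return 200, f"post published for {req.session.user}: {req.form['body']!r}"


def demo():
    """Runs one legitimate and one forged cross-site request through both checks.
    The Session object is shared because the browser attaches the victim's cookie
    to both requests; the forged request cannot read the session's token."""
    session = Session(user="victim")
    legit = Request("POST", {"Origin": APP_ORIGIN},
                    {"body": "hello", "csrf_token": session.csrf_token}, session)
    # Constructed sample of a cross-site form post: foreign Origin, no token parameter.
    forged = Request("POST", {"Origin": "https://attacker.example"},
                     {"body": "unwanted post"}, session)
    return {
        "legit_weak": create_post(legit, csrf_check_weak)[0],
        "legit_strong": create_post(legit)[0],
        "forged_weak": create_post(forged, csrf_check_weak)[0],
        "forged_strong": create_post(forged)[0],
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

Running the block shows the weak check returning 200 for the forged request while the hardened check returns 403; the legitimate request passes both. The two layers are deliberate: the token binds the request to a secret only same-origin pages can read, and the exact-origin comparison rejects cross-site submissions even if a token handling bug slips in, which is the defence-in-depth that a single check of the kind bypassed here lacks.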
The timeline for the above vulnerability is reported below:
2/9/2014 – The vulnerability was found and reported by Mazen Gamal Mesbah to Google.
2/9/2014 – The Google Blogger team provided a positive response acknowledging the flaw.
3/9/2014 – The vulnerability in the Blogger platform was fixed.
4/9/2014 – The expert received a bounty from Google for a total of $3133.7.
Mazen Gamal Mesbah is a security researcher from Egypt who is listed in the halls of fame of many major IT companies, including Google, Microsoft, Facebook, Twitter and Yahoo!.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and of the Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years' experience in the field and a Certified Ethical Hacker at EC-Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US.
Pierluigi is a member of "The Hacker News" team and a writer for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines.
Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".