The Egyptian security expert Mazen Gamal Mesbah (@) has discovered a critical CSRF (Cross-Site Request Forgery) vulnerability in the free weblog publishing tool Blogger.com. The flaw could be exploited by an attacker to write posts in any blog hosted on the popular publishing platform Blogger, and the post would be publicly visible to everybody.
Potentially any blog is exposed to the risk of hacking attacks: an attacker could obtain full control of the publishing platform and disseminate content through it, including links to malicious websites he manages, to spread malware or for phishing purposes.
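To make the class of flaw concrete from the defender's side, the following added example (not code from the article, from the researcher, or from Blogger) models a blog's "create post" endpoint twice: once relying only on the login session cookie, which is what a CSRF attack abuses, and once additionally requiring a per-session anti-CSRF token and a matching Origin/Referer header. The blog origin, the session and request objects, and the attacker origin are all hypothetical values constructed for the demonstration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Hypothetical origin of the blog host (constructed for this example).
SITE_ORIGIN = "https://blog.example"


@dataclass
class Session:
    """Server-side session: a logged-in user plus a random anti-CSRF token."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Blog:
    posts: list = field(default_factory=list)


def create_post_vulnerable(blog, session, form):
    """Accepts any request that carries a valid login session.

    Because browsers attach the session cookie to cross-site form submissions,
    a page controlled by a third party can make the victim's browser publish
    a post on the victim's blog without the victim noticing.
    """
    blog.posts.append((session.user, form["title"], form["body"]))
    return 200


def _same_origin(headers):
    """True only if the Origin (or, failing that, Referer) header names our site."""
    value = headers.get("Origin") or headers.get("Referer")
    if not value:
        return False
    parsed = urlparse(value)
    return f"{parsed.scheme}://{parsed.netloc}" == SITE_ORIGIN


def create_post_protected(blog, session, headers, form):
    """Same endpoint with two independent CSRF defences.

    1. The request must come from our own origin (Origin/Referer check).
    2. The form must echo the secret token tied to the session; a cross-site
       page cannot read that token, so it cannot forge a valid submission.
    """
    if not _same_origin(headers):
        return 403
    token = form.get("csrf_token", "")
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(token, session.csrf_token):
        return 403
    blog.posts.append((session.user, form["title"], form["body"]))
    return 200


def simulate():
    """Run a forged cross-site submission and a legitimate one against both handlers."""
    session = Session(user="victim")
    results = {}

    # Constructed cross-site request: the browser sends the cookie, but the
    # submitting page lives on another origin and cannot know the token.
    forged_headers = {"Origin": "https://attacker.example"}
    forged_form = {"title": "Unwanted post", "body": "link to a malicious site"}

    blog = Blog()
    results["vulnerable_forged"] = create_post_vulnerable(blog, session, forged_form)
    results["vulnerable_post_count"] = len(blog.posts)

    blog = Blog()
    results["protected_forged"] = create_post_protected(blog, session, forged_headers, forged_form)
    results["protected_post_count_after_forgery"] = len(blog.posts)

    # Same-origin request that forgot the token is also rejected.
    own_headers = {"Origin": SITE_ORIGIN}
    results["protected_missing_token"] = create_post_protected(blog, session, own_headers, forged_form)

    # Legitimate request: correct origin and the token rendered into the blog's own form.
    legit_form = {"title": "Hello", "body": "A real post", "csrf_token": session.csrf_token}
    results["protected_legit"] = create_post_protected(blog, session, own_headers, legit_form)
    results["protected_post_count_after_legit"] = len(blog.posts)
    return results


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

The origin check alone is not sufficient (some clients omit both headers, and a null or missing Origin must then be treated as a failure, as `_same_origin` does), which is why the token check is kept as the primary defence; on a real deployment the token is rendered into the blog's own post form and the session cookie is additionally marked `SameSite`.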
The vulnerability is really serious and very easy to exploit against any blog. Below is the video PoC released by the expert.
Below are the steps followed by the researcher to discover the flaw:
(Security Affairs – Google Blogger, CSRF)