Attack hidden in the Share button: Blogger.com exposed to a high-risk CSRF (cross-site request forgery) vulnerability - Vulnerability Warning - Black Bar Safety Net

2014-12-17T00:00:00
ID MYHACK58:62201457010
Type myhack58
Reporter Anonymous
Modified 2014-12-17T00:00:00

Description

The Egyptian security researcher Mazen Gamal Mesbah found a high-risk CSRF (cross-site request forgery) vulnerability on Blogger.com. The vulnerability allows an attacker to write and publish blog posts without the blogger's knowledge, and to make private blogs public. Blogger is Google's major blog service and was also the world's first large-scale blog service provider.

The CSRF vulnerability hidden in the Share button

On the Blogger home page there is a button called Blogger Share (a button for sharing posts), and the vulnerability is hidden in this button. Clicking it sends a request that can be forged cross-site (a CSRF request). An attacker can easily exploit the vulnerability, because he can write posts at will and the content written is also completely under his control.


The security researcher's proof-of-concept video for the vulnerability:

Google's security team has now fixed this vulnerability. Even so, bloggers are advised to promptly check their Blogger accounts and keep an eye on their blog content, to prevent an attacker from using it to spread harmful content.