During HITBAMS2012 , Israeli Security Researcher Nir Goldshlager demonstrated a rare and interesting HTTP Parameter Pollution issue in Blogger service which allowed anybody to gain administrative privileges on any blogger blog.


Here's the write-up done by him : Nir Goldshlager Web Application Security Blog: Gaining Administrative Privileges on any Blogger.com Account, 1337$ (Google Reward Program)


And the accompanying video demonstrating the proof-of-concept work: