Results 1 to 8 of 8

Thread: Blogger Critical Vulnerability, Gaining Administrative Privileges on any Blogger.com Share/Save - My123World.Com!

  1. #1

    Blogger Critical Vulnerability, Gaining Administrative Privileges on any Blogger.com

    Hi Security Community,

    I found a critical bug in Blogger, That allow an attacker to gain administrative control over any blogger account,

    Full Disclosure Link:

    http://www.nirgoldshlager.com/2011/0...vilege-on.html


    Video:


    Best Regards

    Nir.Goldshlager

  2. #2
    ... I am no Expert b0nd.g4h@gmail.com b0nd's Avatar
    Join Date
    Jul 2010
    Location
    irc.freenode.net #g4h
    Posts
    744
    That's impressive goldshlager.
    I saw your this reporting couple of days back on metasploit mailing list .
    [*] To follow the path: look to the master, follow the master, walk with the master, see through the master,
    ------> become the master!!! <------
    [*] Everyone has a will to WIN but very few have the will to prepare to WIN
    [*] Invest yourself in everything you do, there's fun in being serious

  3. #3
    Security Researcher fb1h2s's Avatar
    Join Date
    Jul 2010
    Location
    India
    Posts
    616
    Blog Entries
    32
    Hey thats an awsome piece of hack , thanks for sharing with us
    Hacking Is a Matter of Time Knowledge and Patience

  4. #4
    Yep a great example of HPP injection attack. Some guys in garage were not clear about the application of this technique earlier in HPP injection thread, so this bug will better make u understand the technique..."vinnu"
    Last edited by "vinnu"; 03-14-2011 at 04:33 PM.

  5. #5
    mind blowing man you deserve more than 1337

  6. #6
    Yeah Nir Its really impressive since i know you from last 6 to 8 months u were exellent in CSRF too congo for this .....

  7. #7

    Thank you guys :).

    .................

  8. #8

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •