Fixed a critical flaw in Blogger that allowed attackers to write posts on any blog

Pierluigi Paganini December 15, 2014

A security expert discovered a critical CSRF vulnerability in Blogger.com that allows an attacker to write posts in any blog hosted on the popular platform.

The Egyptian security expert Mazen Gamal Mesbah (@MazenGamal) has discovered a critical CSRF (cross-site request forgery) vulnerability in the free weblog publishing tool Blogger.com. An attacker could exploit the vulnerability to write posts in any blog hosted on the popular Blogger publishing platform, and the posts could be publicly visible to everybody.

Potentially any blog is exposed to the risk of hacking attacks. An attacker could obtain full control of the publishing platform and use it to disseminate their own content, including links to malicious websites they manage in order to spread malware or for phishing purposes.

The vulnerability is really serious and it is very easy to exploit against any blog. The expert released a video PoC.

Below are the steps followed by the researcher to discover the flaw:

  • I found the vulnerability in the Share Articles button in blogs, as shown in the following picture.
  • When I noticed this button I decided to investigate the possible presence of a flaw affecting it.
  • When I clicked on the Blogger Share button I noticed the CSRF token in the request, then I tried to bypass the mechanism of authentication based on it.
  • I succeeded in the trick.
  • Once I had verified the presence of the flaw, I wrote an exploit file that could be used against any blog just by knowing the Blog ID.
  • The Blog ID is easy to retrieve; I discovered an easy way to access it.
  • Once I had completed the exploit, I tested it against the Blogger platform and verified that it was working.

The timeline for the above vulnerability is reported below:

  • 2/9/2014 – The vulnerability was found and reported to Google by Mazen Gamal Mesbah.
  • 2/9/2014 – The Google Blogger team provided a positive response, admitting the flaw.
  • 3/9/2014 – The vulnerability in the Blogger platform was fixed.
  • 4/9/2014 – The expert received a bounty from Google for a total of $3133.7.


Mazen Gamal Mesbah is a security researcher from Egypt who is listed in the halls of fame of many major IT companies, including Google, Microsoft, Facebook, Twitter and Yahoo!.

Pierluigi Paganini

(Security Affairs – Google Blogger, CSRF)


