Risk Inside Blogger - Stealing Blog Posts of Blogger sites
Hello Everyone,
I found a nice bug in Blogger; it is not new, but Blogger is still vulnerable. We can steal posts from blogs or sites hosted on Blogger through atom.xml. If we just visit www.bloggerdemosite.com/atom.xml in Firefox or Chrome, it redirects to feeds/posts/default?alt=atom, but if we open the same link in the Edge browser, Edge pops up a prompt with an option to save the file.
Steps:
First, open the Edge browser and visit this link:
https://www.bloggersite.com/atom.xml?redirect=false&start-index=1&max-results=50
or
https://site.blogspot.com/atom.xml?redirect=false&start-index=1&max-results=50
Change max-results to 500 for more posts:
https://www.mybloggertricks.com/atom.xml?redirect=false&start-index=1&max-results=500
or
https://www.rafaybaloch.com/atom.xml?redirect=false&start-index=1&max-results=500
Next, Edge prompts you to save the atom.xml file. Click Save.
The blog's atom.xml file will be downloaded.
Next, log in to your Blogger account, select or start a new blog, then go to 'Settings' and select 'Other'.
Now click on 'Import Content' and import the downloaded atom.xml file.
Success.
Impact:
An attacker can steal posts from blogs that use Blogger.
This is for educational purposes only.
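A blog owner can measure the exposure described above by saving their own atom.xml and checking how much of each post it carries. The script below is an added example, not part of the original post: the sample feed is constructed, the function names are hypothetical, and it assumes a non-empty Atom `content` element means the whole post body is in the feed.

```python
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"  # Atom namespace (RFC 4287)

# Constructed sample feed; not taken from any real blog.
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom">
  <title>Example blog</title>
  <entry>
    <title>First post</title>
    <content type="html">&lt;p&gt;Entire body of the first post.&lt;/p&gt;</content>
  </entry>
  <entry>
    <title>Second post</title>
    <summary type="text">Short teaser only</summary>
  </entry>
  <entry>
    <title>Third post</title>
    <content type="html"></content>
  </entry>
</feed>"""


def _text(entry, tag):
    """Return all text under an Atom child element, or '' if it is absent."""
    el = entry.find(ATOM + tag)
    return "".join(el.itertext()).strip() if el is not None else ""


def audit_feed(xml_text):
    """Classify each entry by what the feed hands to anyone who saves it."""
    # Parse only files saved from your own blog; for untrusted XML use a
    # hardened parser instead of ElementTree.
    report = []
    for entry in ET.fromstring(xml_text).iter(ATOM + "entry"):
        content, summary = _text(entry, "content"), _text(entry, "summary")
        exposure = "full" if content else "summary" if summary else "none"
        report.append((_text(entry, "title"), exposure, len(content or summary)))
    return report


def full_content_ratio(report):
    """Fraction of entries whose complete body is present in the feed."""
    return sum(1 for _, e, _ in report if e == "full") / len(report) if report else 0.0


if __name__ == "__main__":
    for title, exposure, size in audit_feed(SAMPLE_FEED):
        print(f"{exposure:8} {size:6} chars  {title}")
```

If most entries come back as `full`, the feed is publishing complete posts in a file that Blogger's import accepts; Blogger's site feed setting (Full, Until Jump Break, Short, None) controls how much of each post the feed includes.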