Risk Inside Blogger - Stealing Blog Posts of Blogger sites



Hello Everyone,


I found a nice bug in Blogger which is not new but still vulnerable. We can steal posts from blogs or sites hosted on Blogger via atom.xml. If we visit the link www.bloggerdemosite.com/atom.xml in Firefox or Chrome, it redirects to feeds/posts/default?alt=atom, but if we open the same link in the Edge browser, Edge pops up a prompt with an option to save the file.

Steps:

First of all, open the Edge browser and visit this link:
 https://www.bloggersite.com/atom.xml?redirect=false&start-index=1&max-results=50
or

 https://site.blogspot.com/atom.xml?redirect=false&start-index=1&max-results=50

Change max-results to 500 for more posts:


https://www.mybloggertricks.com/atom.xml?redirect=false&start-index=1&max-results=500
or
https://www.rafaybaloch.com/atom.xml?redirect=false&start-index=1&max-results=500

Next, Edge pops up a prompt to save the atom.xml file. Click 'Save'.
The blog's atom.xml file will be downloaded.
Next, log in to your Blogger account, select an existing blog or start a new one, then go to 'Settings' and select 'Other'.
Now click on 'Import Content' and import the downloaded atom.xml file.
Success.


Impact:

An attacker can steal posts from blogs that are hosted on Blogger.
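
For a blog owner, the same feed file shows how much of each post is exposed. The following is an added example, not code from the original post: it parses an Atom document and separates entries that carry the whole post body in `<content>` from those that carry only a `<summary>`. The sample feed is constructed and the name `audit_feed` is hypothetical.

```python
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"  # standard Atom namespace

# Constructed sample feed (not taken from any real blog).
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom">
  <title>Example Blog</title>
  <entry>
    <title>Full post</title>
    <content type="html">&lt;p&gt;Entire article body appears here.&lt;/p&gt;</content>
  </entry>
  <entry>
    <title>Short post</title>
    <summary type="text">First lines only...</summary>
  </entry>
  <entry>
    <title>Empty post</title>
  </entry>
</feed>"""


def audit_feed(xml_text):
    """Classify each Atom entry by how much post text the feed exposes."""
    root = ET.fromstring(xml_text)
    report = {"entries": 0, "full_content": [], "summary_only": [], "no_body": []}
    for entry in root.iter(ATOM + "entry"):
        report["entries"] += 1
        title = (entry.findtext(ATOM + "title") or "(untitled)").strip()
        content = entry.findtext(ATOM + "content")
        summary = entry.findtext(ATOM + "summary")
        if content and content.strip():
            # Whole post body is in the feed and can be re-imported elsewhere.
            report["full_content"].append((title, len(content)))
        elif summary and summary.strip():
            report["summary_only"].append((title, len(summary)))
        else:
            report["no_body"].append(title)
    return report


if __name__ == "__main__":
    result = audit_feed(SAMPLE_FEED)
    print("entries in feed:", result["entries"])
    for title, size in result["full_content"]:
        print(f"FULL BODY EXPOSED ({size} chars): {title}")
    for title, size in result["summary_only"]:
        print(f"summary only ({size} chars): {title}")
```

Entries reported under `full_content` are the ones whose complete text travels with the feed; Blogger's site feed setting controls whether the feed carries full posts or short excerpts.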




This is for educational purposes only.
