Major 0-day found by Shadow008 in Google Blogger software

sha

Shadow008 a Pakistani hacker discovered a major  vulnerability in Google’s blogger software. The vulnerability allows the hacker to hack and deface any website pointing to Google server.

The full process was posted on patebin and can be easily done with not too much IT knowledge. The hacker also defaced several major hacking news website like The hacker news thehackernews.com and sec4ever.com.

http://direct.thehackernews.com/
Mirror: http://zone-h.org/mirror/id/18307796

Hacked: http://mail.sec4ever.com/
Mirror: http://zone-h.org/mirror/id/18312108

Process:

1st) Find a target where as its subdomain or its main domain is pointing to google or blogger server I.P
2nd) If it is pointing to Google Server I.P, You will see a page 100% like this >> http://ghs.google.com/

404. That’s an error.

The requested URL / was not found on this server. That’s all we know.

If that shows, That means its vul to BlogDNS 0day

3rd) Go to http://www.blogger.com/ and Login / Create an account
4th) Create a Blog
5th) Name it anything you want as a subdomain for blogger.
6th) Once blog is created, Go to Settings > Publishing > Switch To Advanced Mod and add that site URL domain. (example:direct.site.com) Please note that it MUST be pointing to google or blogger server I.P.
and Save it.

Clear You cache and go to that sites subdomain which you added. You will see its in your control  .
Now go to Design > Edit HTML > Revert to Classic Template > Add Deface Code There (Switch of Navbar to OFF) and Hit Save, Clear Cache and check site will be defaced  .

Note: I have used Old Blogger Interface, I don’t use the New Blogger Interface as I find the old one more easy

I hope it was clear and understood
Have fun and don’t share

Sites which are hacked using this method:
http://direct.thehackernews.com/
Mirror: http://zone-h.org/mirror/id/18307796

Hacked: http://mail.sec4ever.com/
Mirror: http://zone-h.org/mirror/id/18312108

http://direct.pkhackerz.com/
Mirror: http://zone-h.org/mirror/id/18307953

http://mail.dl4hacks.net/
Mirror: http://zone-hc.com/archive/mirror/8d…t_mirror_.html

Leave a Reply