Header Ads

Blogger's New 0day 2012 ~ Hack Blogger Based Blogs

In the past few days we all are seeing many famous website's sub domains getting hacked, according to the people its a 0day in Blogger, but i real its not actually a vulnerability its a mistake of the admin of the blog.

Some bloggers create sub domains for there blog like somthing.hackingsec.in, but suppose if I create a sub domian like http://test.hackingsec.in/ just for fun, that domain which I made for fun can be a problem for me, how? Lemme explain it. Whenever we create a sub doamin we enter ghs.google.com for redirecting our .blogspot to our custom domain.

In this attack we use a sub domain which is created by the admin and the admin don't use it, so anyone can add it on there on own blog and put their deface page. Suppose I created a sub domain abc.hackingsec.in and its not in use, so when you will try to access it you will see the following.

That means admin is not using that sub domain, and is left unsed, so we will be hacking through that unsed sub domain.

Goto click here , create a new blog, and put your deface page in the template and save it. Now, goto settings>publishing>custom domain>advanced settings > and put that unsed sub domian there and save it.
Now goto that sub domain and you will see your deface xD
Powered by Blogger.