Blogger.com suffers from a mixed content vulnerability due to images being loaded from a non-HTTPS enabled site.
# Exploit Title: Mixed Display Vulnerability in Blogger.com
# Google Dork: site:blogger.com +inurl:/profile
# Date: 06/1/12
# Exploit Author: k3170makan
# Vendor Homepage: https://www.blogger.com
# Software Link: https://www.blogger.com/profile/
# Version: N/A
# Tested on: Ubuntu 10.04
Blogger.com suffers from a mixed display vulnerability. The profile section
of the domain references images that are served over a non-HTTPS
channel.
This vulnerability allows attackers to effectively control the source of
images displayed on the page in a man-in-the-middle context, or as a result
of any attack that tampers with the resolution of the
blogger.com domain.
Images requested this way can be replaced, filled with malicious content, or
sourced from harmful domains.
--
<Keith k3170makan <http://about.me/k3170makan> Makan/>