# Exploit Title: Mixed Display Vulnerability in Blogger.com
# Google Dork: site:blogger.com +inurl:/profile
# Date: 06/1/12
# Exploit Author: k3170makan
# Vendor Homepage: https://www.blogger.com
# Software Link: https://www.blogger.com/profile/
# Version: N/A
# Tested on: Ubuntu 10.04

Blogger.com suffers from a mixed display vulnerability. The profile section of the domain references images that are served over a non-HTTPS channel.

This vulnerability allows attackers to control the source of images displayed on the page in a man-in-the-middle context, or as a result of any attack that can maliciously alter how the blogger.com domain resolves. Images requested this way can be replaced, filled with malicious content, or sourced from harmful domains.

-- Makan
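
A defender-side check for the condition described above, as an added example that is not part of the original advisory: it lists the images an HTTPS page would fetch over plain HTTP, resolving relative, protocol-relative and `<base href>` forms first. The function names, hosts and sample markup are constructed for illustration and are not Blogger's real markup.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class ImageCollector(HTMLParser):
    """Collect URLs from <img src> and the first <base href> while parsing."""
    def __init__(self):
        super().__init__()
        self.base_href = None
        self.sources = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href") and self.base_href is None:
            self.base_href = attrs["href"]
        elif tag == "img" and attrs.get("src"):
            self.sources.append(attrs["src"].strip())

def insecure_images(page_url, html):
    """Return image URLs that an HTTPS page would request over plain HTTP."""
    if urlsplit(page_url).scheme != "https":
        return []  # the page itself is unprotected, so this is not a mixed case
    collector = ImageCollector()
    collector.feed(html)
    base = urljoin(page_url, collector.base_href or "")
    found = []
    for src in collector.sources:
        absolute = urljoin(base, src)  # resolves relative and //host/ forms
        if urlsplit(absolute).scheme == "http":
            found.append(absolute)
    return found

# Constructed sample input: placeholder hosts, not Blogger's real markup.
SAMPLE_PAGE_URL = "https://blog.example/profile/1234"
SAMPLE_HTML = """
<html><body>
<img src="http://img.example/avatar.jpg">
<img src="https://img.example/banner.png">
<img src="//cdn.example/icon.png">
<img src="/static/logo.gif">
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">
<IMG SRC=" HTTP://IMG.EXAMPLE/Upper.JPG ">
</body></html>
"""

if __name__ == "__main__":
    for url in insecure_images(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print("insecure image:", url)
```

Run against a saved copy of a page, any URL it reports is an image request that travels outside the TLS channel protecting the page itself.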