iBlogthere4iMHacked: How I Hijacked Randy Morin’s blog

30 Sep, 2006  Blog

Update: This was a hoax. April 1st was just too far away. I try to be as honest as possible, and this was a rare occurrence which won’t happen again except on April 1st. The timing accidentally coincided with some well-publicized security vulnerabilities that turned out to be blown out of proportion.

Randy Charles Morin operates a fairly popular blog and services such as Rmail. I noticed some issues with his blog the other day that led me to believe he could be vulnerable to having it hijacked. I tested this theory and as you can see here it is quite vulnerable.

I was able to exploit a buffer overflow in his implementation of RSS in order to insert my own content. I also gained administrative privileges to his blog through another method I discovered. He really shouldn’t have made it so easy for me. I’m trying to be as vague as possible so as not to leave him open to more attacks from others, but I won’t be so generous.

And to those new visitors: Welcome. Take a look around.

This was done with Randy’s permission. He was actually the one who posted things on his site. I never did anything to his site.

2 Comments so far »

  1. inkBlots » Websites hacked through MetaWebLog API Identicon Icon inkBlots » Websites hacked through MetaWebLog API said,

    Wrote on October 3, 2006 @ 12:34 am

    [...] As reported here, there’s another exploit in the wild that allows a hacker to go through the MetaWebLog API and hack your WordPress blog: Jason has found a flaw in any blog that supports RSS and MetaWeblogAPI. At first, I thought that it might have been a flaw that was specific to the software that Randy uses, but as Randy shows, the world’s most popular blogging platform, WordPress, is also vulnerable. He was able to “hack” 5 different blogs, using the Host Overflow Application eXception vulnerability in RSS. [...]

  2. Evert Identicon Icon Evert said,

    Wrote on October 7, 2006 @ 10:03 am

    Hi,

    I am wondering how your attack worked.. and how I can protect myself.. I’m a PHP developer and I have no intention to abuse the information..

    Any chance you can mail me some background information? It’s not a bad idea btw to publish the information anyway, or at least report it to the developers before you do, so they have some time to fix their problems.

    Thanks,
    Evert

Comment RSS · TrackBack URI

Leave a Comment

Name: (Required)

E-mail: (Required)

Website:

Comment: