Blogger.com suffers from a mixed scripting/content vulnerability: the domain references multiple scripts and other content types over a non-https enabled channel.
Here's the report:
# Exploit Title: Multiple Mixed Scripting/Content Vulnerabilities in Blogger.com
# Google Dork:site:blogger.com
# Date: 09/1/12
# Exploit Author: k3170makan
# Vendor Homepage: https://www.blogger.com
# Software Link: https://www.blogger.com
# Version: current
# Tested on: Ubuntu 10.04
Blogger.com references multiple resources over a non-https enabled channel while the page itself is served over https. These resources are also referenced from the blogger.com domain itself, which further increases the risk incurred.
Explanation:
After logging into blogger.com, users are presented with the option to view controls, statistics and other awesome tools to manage their blogs. Some of these tools make references to content and scripts that are not served over https enabled channels on the blogger.com domain. The template tab makes multiple requests to resources that are not served over an https channel, including:
Some of these depend on whether the user has enabled functions like post reactions, of course, but this should not sway your risk assessment much.
And some screen shots:
HTML served over a non-https enabled channel
JavaScript being requested over a non-https channel
JSON served over a non-https enabled channel
Most of these are pretty easy to pick up just using a simple browser and a text editor.
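The "browser and a text editor" check described above can be scripted. The following is an added example, not code from the original post: it parses an HTML page that is served over https and reports every reference that would be fetched over plain http, separating active resources (scripts, frames, stylesheets, plugins, which browsers treat as "mixed scripting") from passive ones (images and media, "mixed content"). The page URL, host names and the sample HTML are constructed for the example; scheme-relative (`//host/...`) and same-origin relative references are resolved against the page and correctly not flagged.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Elements whose fetched resource can execute code or restyle the page:
# active ("mixed scripting") content.
ACTIVE = {"script", "iframe", "object", "embed", "link"}
# Elements whose resource is only rendered: passive ("mixed content").
PASSIVE = {"img", "audio", "video", "source"}
URL_ATTRS = ("src", "href", "data")

# Constructed page URL and sample HTML (hypothetical hosts, not Blogger's).
PAGE_URL = "https://blog.example.test/template"
SAMPLE_PAGE = """
<html><head>
<link rel="stylesheet" href="http://cdn.example.test/theme.css">
<link rel="icon" href="http://cdn.example.test/favicon.ico">
<script src="https://www.example.test/ok.js"></script>
<script src="http://static.example.test/widgets.js"></script>
<script src="//static.example.test/scheme-relative.js"></script>
</head><body>
<img src="http://img.example.test/badge.png">
<img src="/local/logo.png">
<iframe src="http://reactions.example.test/frame.html"></iframe>
</body></html>
"""


class MixedContentScanner(HTMLParser):
    """Collects every plaintext-http reference found in an https page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, attribute, resolved_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            # Only stylesheets are treated as active here; other <link>
            # relations (icons, prefetch hints) are ignored by this example.
            if "stylesheet" not in (attrs.get("rel") or "").lower():
                return
        if tag not in ACTIVE and tag not in PASSIVE:
            return
        for name in URL_ATTRS:
            value = attrs.get(name)
            if value:
                self._check(tag, name, value)

    def _check(self, tag, attr, value):
        # Resolve against the page so "//host/x" and "/x" inherit https
        # and are not reported; only an explicit http:// scheme is flagged.
        resolved = urljoin(self.page_url, value.strip())
        if urlsplit(resolved).scheme == "http":
            kind = "scripting" if tag in ACTIVE else "content"
            self.findings.append((kind, tag, attr, resolved))


def scan(page_url, html):
    """Return [(kind, tag, attr, url)] for every insecure reference, active first."""
    parser = MixedContentScanner(page_url)
    parser.feed(html)
    parser.close()
    return sorted(parser.findings, key=lambda f: (f[0] != "scripting", f[3]))


if __name__ == "__main__":
    for kind, tag, attr, url in scan(PAGE_URL, SAMPLE_PAGE):
        print(f"mixed {kind:9} <{tag} {attr}> {url}")
```

Modern browsers surface the same findings in the developer console, and the server-side fix is to reference the resources over https (or scheme-relatively) and to send a `Content-Security-Policy` with `upgrade-insecure-requests` or `block-all-mixed-content` so that stragglers are rewritten or blocked rather than loaded.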
Anyway, I suspect there are still some of these out there, so get hunting!!
Ciao!
Good post keito
Good post. Did Google pay a bounty for this?
Nope, this one did not qualify for reward. It's up to the panel to decide if a vuln qualifies for reward, though this one is in the right category for reward.
But I did manage to get this though ---> https://www.google.com/about/appsecurity/hall-of-fame/distinction/ [Q4 2012]