Blogger’s New DNS 0 Day 2012

Today when I logged in to my Facebook I saw that some high-rank websites' subdomains had been defaced!
I also saw comments there saying "it's DNS 0 day".
So let's come to the topic: the DNS zero day in Blogger. Actually it's not a vulnerability, it's an admin mistake.
Many of us have made subdomains for our websites; for example, I have http://blog.devilscafe.in and http://media.devilscafe.in.
Everyone knows about these domains, but I made 2 more domains, http://clicks.devilscafe.in & http://minhal.devilscafe.in. I made them just for a test and never used these domains on Blogger.
In Blogger, when we create a subdomain we enter the value Ghs.google.com,
and for redirecting your .blogspot.com domain to your custom domain you need to put the value Ghs.google.com.
Then we can redirect our blog to the custom domain.
This method works the same way. When an admin has made a subdomain and it's not in use by the admin, anyone can add it to their own blog and put their deface page there.
For example, I have abc.devilscafe.in and it's not in use, so when you access it you'll get something like this:
[Image: blogger+dns+0+day.jpg]
It means the domain is not in use.
Now go to blogger.com, make a blog there, and put your deface page in the template.
Then go to Settings > Publishing > Custom domain > Advanced settings and put that subdomain there.
Now you'll get your deface page on the subdomain.
Websites recently hacked using this method:
Thehackernew, Rafayhacking articles, sec4ecer and many more. Thank god I deleted my useless subdomains on time 😀
Live demo: http://www.a500hacking.com/ I've defaced it just as an example. Sorry Mr. Admin, PM me and I'll remove the domain from my Blogger!

Note for webmasters: delete your extra subdomains, or use them on any blog. And don't forget to check the "redirect abc.com to www.abc.com" button! Happy blogging, Blogger rocks \m/
Thanks for reading. Please share this post to secure the websites of your friends 😀
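
For the webmaster note above, one way to find leftover records is to audit a zone export for names pointing at ghs.google.com that none of your blogs use. This is an added example, not code from the original post; the constructed zone text, the example.com origin and the function names are assumptions made for illustration.

```python
import re

GHS_TARGET = "ghs.google.com"  # value the post says Blogger custom domains point to

# Constructed sample zone (not real DNS data); labels mirror the post's story.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@       3600 IN A     192.0.2.10
www     3600 IN CNAME example.com.
blog    3600 IN CNAME ghs.google.com.   ; live blog
media   IN CNAME Ghs.google.com.        ; live blog
clicks  3600 IN CNAME ghs.google.com.   ; test record, never attached
minhal  CNAME ghs.google.com.           ; test record, never attached
"""

# owner [ttl] [class] CNAME target
CNAME_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?CNAME\s+(\S+)$", re.I)

def fqdn(name, origin):
    """Expand a zone-file owner name to a lowercase FQDN without trailing dot."""
    name, origin = name.lower(), origin.strip(".").lower()
    if name == "@":
        return origin
    return name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"

def find_unclaimed_ghs(zone_text, origin, blogs_in_use):
    """Return hostnames pointing at ghs.google.com that none of our blogs use."""
    in_use = {h.strip(".").lower() for h in blogs_in_use}
    flagged = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop zone-file comments
        m = CNAME_RE.match(line)              # assumes one record per line, explicit owner
        if not m:
            continue
        host = fqdn(m.group(1), origin)
        # Accept the target with or without a trailing dot, since DNS panels differ.
        if m.group(2).rstrip(".").lower() == GHS_TARGET and host not in in_use:
            flagged.append(host)
    return flagged

if __name__ == "__main__":
    for host in find_unclaimed_ghs(SAMPLE_ZONE, "example.com",
                                   ["blog.example.com", "media.example.com"]):
        print(f"delete or attach to a blog: {host}")
```

Pass it the list of custom domains actually attached to your blogs; every name it returns should be deleted from DNS or attached to a blog you own.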

Confused? Feel free to ask ! 🙂

Read more: Blogger’s New DNS 0 Day 2012

Story added 7. September 2012, content source with full text you can find at link above.