Code insertion in Blogger comments

Blogger has an exploit where if certain conditions of the server are met, there is a chance to exploit the server by injecting code within the comments. The code is then executed, allowing malicious intent to ensue.

Under these circumstances, an attacker may inject executable code into the archive page by posting a comment to the weblog because, while Blogger automatically strips most HTML from comments, they do not strip processing instructions. Blogger should be stripping out EVERYTHING between a “<" and the next ">” unless it is one of the allowed HTML tags, or should be stripping all unapproved HTML and converting any remaining “<" characters that aren't part of approved HTML to <.

Via BugTraq