Hotgloo XSS Filter Bypassed

Recently I thought of hunting Hotgloo website. One of my friends referred me this website. It is a awesome site which provides you create wireframes for website and webproject. You should check it out if you are web developer. They have a responsible disclosure policy. You can have a lot at it over here.

I was interested in the search box of the help page.

View post on imgur.com

What ever we pass through the search box will be echoed back to the client.

[code language=”html”]
<div>
Search Results for
<span>– </span>
</div>
[/code]

This made me fuzz around to get something interesting. Let’s give a direct XSS payload and check the output.

View post on imgur.com

Seems like HTML chars are being converted to HTML entities. But I was interested in fuzzing more and more. After some time I gave a one null byte character and checked the output.
[code language=”html”]
help?btn_search=3&q=%00<svg/onload="prompt(‘XSS by Osanda’)">
[/code]

W00t! We have our payload nicely interpreted on the client side.

View post on imgur.com

So here we go XSS!

View post on imgur.com

I was also able to find three more issues apart from this XSS 🙂

https://pbs.twimg.com/media/Bl_aiUrCUAA3FVU.png

http://hotgloo.com/security/hall-of-fame

Hoe you enjoyed reading this short write-up.

4 thoughts on “Hotgloo XSS Filter Bypassed

Leave a Reply