Hotgloo XSS Filter Bypassed

Recently I thought of hunting the Hotgloo website. One of my friends referred me to it. It is an awesome site which lets you create wireframes for websites and web projects. You should check it out if you are a web developer. They have a responsible disclosure policy; you can have a look at it over here.

I was interested in the search box of the help page.

Whatever we pass through the search box is echoed back to the client.

<div>
Search Results for
<span>-- </span>
</div>

This made me fuzz around to get something interesting. Let’s give it a direct XSS payload and check the output.

It seems that HTML characters are being converted to HTML entities. But I was interested in fuzzing further. After some time I prepended a single null byte character and checked the output.

help?btn_search=3&q=%00<svg/onload="prompt('XSS by Osanda')">

W00t! We have our payload nicely interpreted on the client side.

So here we go XSS!
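To show why a filter that encodes only part of the reflected value is dangerous, here is an added Python illustration (not Hotgloo's code; the root cause of their filter's behaviour is not known). It models a hypothetical encoder that stops at a NUL byte, beside a hardened encoder that strips control characters and entity-encodes the whole value, and a check a defender can run on the rendered output.

```python
import html
import re

# Constructed reflected input modelled on the write-up's query string:
# %00 URL-decodes to a NUL byte placed in front of the payload.
REFLECTED_INPUT = "\x00<svg/onload=\"prompt('XSS by Osanda')\">"

# C0 control characters (including NUL) plus DEL; none belong in a search term.
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def naive_encode(value: str) -> str:
    """Hypothetical filter (assumption, not the real one): it behaves like code
    that treats the value as a NUL-terminated string, entity-encoding only the
    text before the first NUL and passing the remainder through untouched."""
    head, sep, tail = value.partition("\x00")
    return html.escape(head, quote=True) + sep + tail


def safe_encode(value: str) -> str:
    """Hardened encoder: drop control characters first, then entity-encode the
    entire string for an HTML text context. Encoding covers the whole value,
    never just a prefix, so a stray byte cannot split it."""
    cleaned = CONTROL_CHARS.sub("", value)
    return html.escape(cleaned, quote=True)


def render_search_results(query: str, encoder) -> str:
    """Build the results fragment from the write-up using the chosen encoder."""
    return f"<div>\nSearch Results for\n<span>{encoder(query)} -- </span>\n</div>"


def is_neutralised(encoded_value: str) -> bool:
    """Detection check for a value destined for an HTML text node: after
    encoding it must contain no raw angle brackets, quotes or NUL bytes."""
    return not any(ch in encoded_value for ch in '<>"\'\x00')


if __name__ == "__main__":
    for name, enc in (("naive", naive_encode), ("safe", safe_encode)):
        out = enc(REFLECTED_INPUT)
        print(f"{name:5} neutralised={is_neutralised(out)!s:5} -> {out!r}")
    print(render_search_results(REFLECTED_INPUT, safe_encode))
```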

I was also able to find three more issues apart from this XSS 🙂

http://hotgloo.com/security/hall-of-fame

Hope you enjoyed reading this short write-up.
