Hotgloo XSS Filter Bypassed

Recently I thought of hunting on the Hotgloo website. One of my friends referred me to this website. It is an awesome site which lets you create wireframes for websites and web projects. You should check it out if you are a web developer. They have a responsible disclosure policy. You can have a look at it over here.

I was interested in the search box of the help page.

Whatever we pass through the search box will be echoed back to the client.

Search Results for
<span>-- </span>

This made me fuzz around to get something interesting. Let’s give a direct XSS payload and check the output.

Seems like HTML chars are being converted to HTML entities. But I was interested in fuzzing more and more. After some time I gave a single null byte character and checked the output.

help?btn_search=3&q=%00<svg/onload="prompt('XSS by Osanda')">

W00t! We have our payload nicely interpreted on the client side.

So here we go XSS!
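An added example, not from the original post or from Hotgloo's code: the write-up does not show why the null byte defeats the encoding, so `encode_until_nul` is an assumed stand-in for a filter that stops encoding at the first NUL, set beside `encode_for_html`, which strips control characters and encodes the whole value. All function names are hypothetical, and the results markup is modelled on the snippet above.

```python
import html
import re
from urllib.parse import parse_qs

# Assumption: stand-in for a filter with C-string semantics, which encodes
# only the characters before the first NUL and passes the rest through raw.
def encode_until_nul(value: str) -> str:
    head, sep, tail = value.partition("\x00")
    return html.escape(head, quote=True) + sep + tail

# C0 control characters other than tab, LF and CR, plus DEL.
_CONTROL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")

def encode_for_html(value: str) -> str:
    """Drop control characters, then entity-encode the whole string."""
    return html.escape(_CONTROL.sub("", value), quote=True)

def render_results(query_string: str, encoder) -> str:
    """Echo the q parameter into the results markup via the given encoder."""
    q = parse_qs(query_string, keep_blank_values=True).get("q", [""])[0]
    return "Search Results for <span>" + encoder(q) + "</span>"

# Query string taken from the request shown in the write-up.
SAMPLE = "btn_search=3&q=%00<svg/onload=\"prompt('XSS by Osanda')\">"

if __name__ == "__main__":
    for enc in (encode_until_nul, encode_for_html):
        print(enc.__name__, "->", repr(render_results(SAMPLE, enc)))
```

Keeping the request from the write-up as a regression case in the encoder's test suite catches any later change that reintroduces the truncation.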

I was also able to find three more issues apart from this XSS 🙂

Hope you enjoyed reading this short write-up.
