Hotgloo XSS Filter Bypassed

Recently I decided to go hunting on the Hotgloo website, which one of my friends referred me to. It is an awesome site that lets you create wireframes for websites and web projects. You should check it out if you are a web developer. They have a responsible disclosure policy; you can have a look at it over here.

I was interested in the search box of the help page.


Whatever we pass through the search box is echoed back to the client.

Search Results for
<span>-- </span>

This made me fuzz around to see whether I could find something interesting. Let's give it a direct XSS payload and check the output.


It seems HTML characters are being converted to HTML entities. But I was interested in fuzzing further, and after some time I prefixed the payload with a single null byte character and checked the output.

help?btn_search=3&q=%00<svg/onload="prompt('XSS by Osanda')">

W00t! Our payload is interpreted nicely on the client side.
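As an added example (not code from this write-up or from Hotgloo), here is a small Python check a defender can run against a reflected parameter: it decodes the query string the way a server would, flags any parameter whose value carries a NUL byte, and shows what a filter that strips control characters before entity-encoding would have echoed back. The sample URL reuses the payload above; the helper names are constructed for this example.

```python
from urllib.parse import parse_qs, urlsplit
import html

# Constructed request, reusing the write-up's null-byte payload.
SAMPLE_URL = 'help?btn_search=3&q=%00<svg/onload="prompt(\'XSS by Osanda\')">'

# C0 control characters that have no business in a search term (tab/CR/LF kept).
C0_CONTROLS = {chr(c) for c in range(0x20)} - {"\t", "\n", "\r"}


def query_params(url):
    """Return decoded query parameters (first value of each), as a server sees them."""
    qs = urlsplit(url).query
    return {k: v[0] for k, v in parse_qs(qs, keep_blank_values=True).items()}


def find_null_bytes(params):
    """Names of parameters whose decoded value contains a NUL byte."""
    return sorted(k for k, v in params.items() if "\x00" in v)


def reflect_safely(value):
    """Drop NUL and other C0 control characters, then HTML-encode everything that
    is left, so the result can be echoed inside an HTML text node or attribute."""
    cleaned = "".join(ch for ch in value if ch not in C0_CONTROLS)
    return html.escape(cleaned, quote=True)


def inspect_request(url):
    """Flag NUL-bearing parameters and show the safely encoded reflection of each."""
    params = query_params(url)
    return {
        "flagged": find_null_bytes(params),
        "rendered": {k: reflect_safely(v) for k, v in params.items()},
    }


if __name__ == "__main__":
    report = inspect_request(SAMPLE_URL)
    print("parameters carrying NUL bytes:", report["flagged"])
    print("safe reflection of q:", report["rendered"]["q"])
```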


So there we go, XSS!


I was also able to find three more issues apart from this XSS 🙂

Hope you enjoyed reading this short write-up.
