Recently I thought of hunting the Hotgloo website. One of my friends referred me to it. It is an awesome site that lets you create wireframes for websites and web projects. You should check it out if you are a web developer. They have a responsible disclosure policy; you can have a look at it over here.
I was interested in the search box of the help page.
Whatever we pass through the search box is echoed back to the client:
<div> Search Results for <span>-- </span> </div>
This made me fuzz around to get something interesting. Let's give it a direct XSS payload and check the output.
It seems HTML characters are being converted to HTML entities. But I wanted to keep fuzzing. After some time I sent a single null byte character in front of the payload and checked the output:
help?btn_search=3&q=%00<svg/onload="prompt('XSS by Osanda')">
W00t! We have our payload nicely interpreted on the client side.
So here we go XSS!
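To make the defensive lesson concrete, here is an added Python example (not code from the original post, and not Hotgloo's code). It reproduces the symptom described above with a hypothetical encoder, naive_escape, that treats a NUL byte as the end of the string the way a C-style routine would; the write-up does not say what the real root cause was, so that mechanism is an assumption for illustration only. Beside it sits a hardened encoder that strips control characters before entity-encoding, and a small check, span_has_raw_tag, of the kind a test suite or response scanner can run to confirm that no raw tag survives inside the reflected span. The payload string is the one shown in the write-up.

```python
import html
import re

# Constructed sample: the reflected payload shape shown in the write-up.
PAYLOAD = "\x00<svg/onload=\"prompt('XSS by Osanda')\">"

# Hypothetical encoder that mirrors a C-style string bug: it treats the first
# NUL byte as end-of-string, entity-encodes only what precedes it, and lets the
# tail through untouched. Assumed mechanism for illustration, not Hotgloo's
# real code, whose root cause the write-up does not state.
def naive_escape(value: str) -> str:
    end = value.find("\x00")
    if end == -1:
        return html.escape(value, quote=True)
    return html.escape(value[:end], quote=True) + value[end:]

# ASCII control characters other than tab, LF and CR; NUL (\x00) is included.
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")

def safe_escape(value: str) -> str:
    """Hardened encoder: drop control characters first, then entity-encode
    every remaining character that has meaning in HTML, quotes included."""
    cleaned = CONTROL_CHARS.sub("", value)
    return html.escape(cleaned, quote=True)

def render_search_results(query: str, escape=safe_escape) -> str:
    """Render the results line from the write-up with the chosen encoder."""
    return f"<div> Search Results for <span>{escape(query)}</span> </div>"

def span_has_raw_tag(rendered: str) -> bool:
    """Detection check: True if a raw tag opener ('<' followed by a letter)
    survives inside the reflected <span>, i.e. encoding was bypassed."""
    match = re.search(r"<span>(.*?)</span>", rendered)
    body = match.group(1) if match else ""
    return re.search(r"<[A-Za-z]", body) is not None

if __name__ == "__main__":
    for name, enc in (("naive", naive_escape), ("hardened", safe_escape)):
        out = render_search_results(PAYLOAD, enc)
        print(f"{name}: raw tag reflected = {span_has_raw_tag(out)}")
        print("   ", out.encode("unicode_escape").decode())
```

Run as a script it prints both renderings; the naive encoder leaves the tag intact after the NUL, while the hardened one yields only entities. The detection helper is deliberately independent of the encoder, so it can be pointed at any captured response body during regression testing.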
I was also able to find three more issues apart from this XSS 🙂
Hope you enjoyed reading this short write-up.