Sunday, 6 January 2013

Critical XSS Vulnerability in Hostmonster Makes Millions of Its Hosted Partners Vulnerable

Yesterday the Indian researcher Manjot Gill reported an XSS vulnerability in Hostgator India to us, and we researched it to get to the core of the vulnerability. Today another Indian researcher, Ramneek Sidhu, sent us a similar vulnerability in HostMonster. There is a difference between the two: the vulnerability reported yesterday made only Indian domains vulnerable, but today each and every website hosted with Hostmonster is vulnerable to a persistent cross-site scripting attack, leaving millions of hosted domains from across the world compromised.

The researcher sent us a vulnerable subdomain of Hostmonster -->
http://host104.hostmonster.com/%22%3E%3CSCRIPT%3Ealert%28document.cookie%29%3C/SCRIPT%3E%3CSCRIPT%3Ealert%28%22Evolution%20of%20Revolution%22%29%3C/script%3E%3Cimg%20src=%22http://i49.tinypic.com/1zq7cyp.jpg%20/%22%20/%3E


I then researched the hosting web server, and after gathering information, as soon as I searched Bing for the IPs of domains hosted on Hostmonster, I was amazed by the results ...

 ...// Each and Every Website Hosted on Hostmonster is Vulnerable to Cross Site Scripting ...///

POC -->
Go to a reverse IP portal, like the one we used, and search for our reported link, i.e. --> http://host104.hostmonster.com

We got --> IP: 74.220.207.104

Now just bing it like -->

Open any website, put the XSS script after the website address, and done ///
For example -->
http://vividhbharti.com/%22%3E%3CSCRIPT%3Ealert(document.cookie)%3C/SCRIPT%3E%3CSCRIPT%3Ealert(%22Evolution%20of%20Revolution%22)%3C/script%3E%3Cimg%20src=%22http://i49.tinypic.com/1zq7cyp.jpg%20/%22%20/%3E

We can get more vulnerable sites from the total of 600 Hostmonster servers, which we can reverse-IP as we did above: from http://host10.hostmonster.com to http://host600.hostmonster.com, all have unlimited domains and all are vulnerable.

I researched further to get to the core of this vulnerability, and finally I found that the XSS lives in the 404 Not Found page of Hostmonster -->
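
The 404-page reflection described above, sketched as an added example (not code from the original post or from Hostmonster): the template and function names are assumptions, since the post does not show the real 404 markup. It contrasts echoing the decoded request path verbatim with HTML-escaping it, and includes the check a site owner can run against their own error page.

```python
import html
from urllib.parse import unquote

# Assumed template: the real Hostmonster 404 markup is not shown in the post.
# A request path always starts with "/", so it is placed in an href and in text.
TEMPLATE = (
    "<html><body><h1>404 Not Found</h1>"
    '<p>The requested URL was not found: <a href="{path}">{path}</a></p>'
    "</body></html>"
)


def render_404_vulnerable(raw_path: str) -> str:
    """Flawed pattern: decode the percent-encoded path and echo it verbatim."""
    return TEMPLATE.format(path=unquote(raw_path))


def render_404_safe(raw_path: str) -> str:
    """Fixed pattern: decode, then HTML-escape so quotes and angle brackets
    are rendered as inert text instead of closing the attribute."""
    return TEMPLATE.format(path=html.escape(unquote(raw_path), quote=True))


def reflects_markup(body: str, marker: str) -> bool:
    """Check for a response body: is the marker present unescaped?"""
    return marker in body


# Constructed probe with the same shape as the request path in the post:
# a quote and ">" to leave the attribute, followed by a script tag.
PROBE = "/%22%3E%3CSCRIPT%3Ealert(1)%3C/SCRIPT%3E"
MARKER = '"><SCRIPT>'

if __name__ == "__main__":
    for name, render in (("vulnerable", render_404_vulnerable),
                         ("safe", render_404_safe)):
        body = render(PROBE)
        print(f"{name}: reflected unescaped = {reflects_markup(body, MARKER)}")
```

Because the error page is shared by every hosted domain, one escaping fix in that template covers all of them.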

