HostGator is one of the leading Web hosting provider found to be vulnerable to Non-Persistent Cross Site scripting vulnerability. The vulnerability was discovered by Indian Security Researcher "Manjot Gill". The finding was intially published in one of my Friend Aarshit Mittal Security News portal Cyber-N.
The Researcher Manjot discovered the vulnerability in Subdomain of Hostgator. He also claimed that lot of sites hosted in Hostgator are vulnerable to.
Poc for the Subdomain XSS:
http://www.cluster2.hostgator.co.in/"><script>alert("HACKED BY ICH ")</script>Aarshit Mittal analyzed the finding and he discovered few more interesting things.
Search for "site:.hostgator.co.in", you will get more than 64,600 results. All of those subdomains are affected by this vulnerability. For Example take the first site from the result, "chahat.hostgator.co.in". It is affected by the XSS.
POC:
chahat.hostgator.co.in/"><script>alert(document.cookie)</script>Also, you can search for the list of sites hosted by searching for the IP dork in Bing. For Instance , search for "ip:119.18.48.78" in Bing will result the list of affected sites.
You can find the rest of vulnerable sites by changing the ip from "119.18.48.12" to "119.18.48.86".
Also the main domain is also affected by this vulnerability:
http://www.hostgator.co.in/"><script>alert(document.cookie)</script>
The affected sites are created and hosted via the IndiaGetOnline (www.indiagetonline.in). "Get India Business Online" is an initiative by Google that allows you to create a website for your business in 15 minutes, for free. HostGator is providing you with hosting, their leading site building tool, and support.
All the sites created by Hostgator "Site building tool" are affected by this vulnerability because of the main "site building" site(hostgator.co.in) itself affected by this security flaw.
