Hostgator Open Redirection And Reflected XSS Vulnerability

Host gator was found vulnerable to Open Redirection & Reflected XSS

Vulnerable URL - https://www.hostgator.in/login.php?action=successful_login&newurl=http://google.com

Vulnerable Parameter = newurl

Impact : Allow attackers to trick the users to redirection to other(attacker) domain which can be use for phishing attacks. Etc.

Vulnerability details was notified to Hostgator Team and Successfully fixed by them.

Vulnerability is now fixed.

POC Video -