• Remote code exectution vulnerability. they forgot to disable putenv() in 000webhost. That made it possible to set LD_PRELOAD and get a reverse shell.
  • Internal server side request forgery. It was possible to send GET and POST requests to the internal network if i created a php script with fopen() and fread() on hostinger single shared hosting server.
  • Single Shared Hosting 10gb limit bypass. I noticed when i gotten a shell that they didn't check the /etc directory. this made it possible to write more than 10gb if i written it in the /etc directory.

  • Reflective xss. it was possible to add extra javascript code to the webpage when i sended a <script> tag to the search page when the response was in json.
  • Cross site port attack ( XSPA ). it was possible to make a internal port scan toward the intranet by using a misconfiguration in the forum when someone added a video inside there thread.

  • Reflective xss. It was possible to add extra javascript to the "gids" page by rewriting the parameter "type" and escaping out of the json.

2019 Hackoclipse

KvK-nr.: 69383944