FirstBlood-#1049 — Reflective XSS in appointment feature
This issue was discovered on FirstBlood v3
On 2022-12-08, ayush1098 Level 7 reported:
I have found a Reflected XSS at
/book-appointmentendpoint. While sending the request to
/book-appointment.html, there is a intermediate request and while reading the DOM, we can notice that it is taking a parameter name
redirect_url. We can put any arbitary URL in the parameter and it will redirect us to that URL. I have exploited this to reflected XSS.
Steps To Reproduce:
GO to the
It will alert the domain of the container. We can exploit this to steal cookies of the doctor(still trying to find a way to register)
Note: I mistyped, this is a reflected XSS, not a Stored XSS
Cookie Stealing, Session Hijacking etc..
Thanks & Regards
FirstBlood ID: 46
Vulnerability Type: Reflective XSS
Creator & Administrator
Congratulation, you were the second researcher to discover this!