FirstBlood-#1135Reflected XSS at about.html
This issue was discovered on FirstBlood v3

On 2022-12-08, ayush1098 Level 8 reported:

Hello Team,


Endpoint : /about.html Payload Used : javascript:alert(document.cookie)

I have found a Reflected XSS at /about.html endpoint. While sending the request to /about.html, there is a intermediate request and while reading the DOM, we can notice that it is taking a parameter name return_url. We can put any arbitary URL in the parameter and it will redirect us to that URL. I have exploited this to reflected XSS.

Steps To Reproduce:

  1. GO to the

  2. It will alert the domain of the container. We can exploit this to steal cookies of the doctor(still trying to find a way to register)


Cookie Stealing, Session Hijacking etc..

Thanks & Regards

Ayush Singh

P3 Medium

Endpoint: /about.html

Parameter: return_url

Payload: NA

FirstBlood ID: 45
Vulnerability Type: Reflective XSS

The endpoint about.php was introduced to replace about.html, but code on about.html introduces an XSS vulnerability via the javascript: URI