FirstBlood-#1145 Reflected XSS at doctors.php
This issue was discovered on FirstBlood v3



On 2022-12-08, ayush1098 Level 8 reported:

Hello Team,

Summary:

I have found a reflected XSS on the /doctors.php endpoint in the doctor parameter. The value is reflected in the JavaScript context and we can exploit this to leak cookies etc.

Steps To Reproduce:

  1. Go to this 1505f41680a9-ayush1098.a.firstbloodhackers.com/doctors.php?doctor=xss'-alert(1)-'// endpoint and Voila!!

The magic box will pop up.

Impact:

Cookie Stealing, Session Hijacking etc.

Thanks & Regards

Ayush Singh

P3 Medium

Endpoint: doctors.php

Parameter: doctor

Payload: '-alert(1)-'//


FirstBlood ID: 47
Vulnerability Type: Reflective XSS

The endpoint /doctors.php is vulnerable to reflective XSS via the ?doctor= parameter
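
The report places the doctor value inside a JavaScript string. As an added example (not FirstBlood's code, which the page does not show), the following models that sink with a hypothetical inline script `var doctor = '...'` and checks that the reported value runs code in the raw version but stays plain data once it is encoded as a JS string literal. All function names and the variable name are assumptions.

```javascript
// Added example. The server-side code of doctors.php is not shown on the page;
// the inline script shape and the variable name `doctor` are assumptions.

// Value of ?doctor= taken from the report.
const REPORTED_VALUE = "xss'-alert(1)-'//";

// Vulnerable pattern: raw concatenation into a single-quoted JS string.
function scriptBodyVulnerable(doctor) {
  return "var doctor = '" + doctor + "';";
}

// Context-aware encoding: JSON.stringify yields a valid double-quoted JS
// string literal; the extra pass escapes characters that matter to the HTML
// parser inside <script> (<, >, &), the single quote, and U+2028/U+2029,
// which older engines treat as line terminators.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&'\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Hardened pattern: the value can only ever be the contents of one literal.
function scriptBodyHardened(doctor) {
  return "var doctor = " + jsStringLiteral(doctor) + ";";
}

// Regression harness: run a script body with a stubbed alert() and report
// how many times it fired and what `doctor` ended up holding.
function evaluate(body) {
  let alerts = 0;
  const run = new Function("alert", body + "\nreturn doctor;");
  const value = run(() => { alerts += 1; });
  return { alerts, value };
}

for (const [name, build] of [
  ["vulnerable", scriptBodyVulnerable],
  ["hardened", scriptBodyHardened],
]) {
  const body = build(REPORTED_VALUE);
  const result = evaluate(body);
  console.log(name, "|", body, "| alert calls:", result.alerts);
}
```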