FirstBlood-#1145Refelcted XSS at doctors.php
This issue was discovered on FirstBlood v3

On 2022-12-08, ayush1098 Level 8 reported:

Hello Team,


I have found a reflected XSS on /doctors.php endpoint in the doctor parameter. The value is reflected in the javascript context and we can exploit this to leak cookies etc..

Steps To Reproduce:

  1. Go to this'-alert(1)-'// endpoint and Voila!!

The magic box will pop-up.


Cookie Stealing, Session Hijacking etc..

Thanks & Regards

Ayush Singh

P3 Medium

Endpoint: doctors.php

Parameter: doctor

Payload: '-alert(1)-'//

FirstBlood ID: 47
Vulnerability Type: Reflective XSS

The endpoint /doctors.php is vulnerable to reflective XSS via the ?doctor= parameter