FirstBlood-#1146: Reflected XSS on
This issue was discovered on FirstBlood v3

On 2022-12-08, mr_xhunt Level 8 reported:

I have found a reflected XSS on the doctors.php endpoint in the parameter doctor with a very simple XSS payload.

Steps to Reproduce:

  1. You need to visit the following link:
  2. The XSS will pop up and can be used to leak the cookies of authenticated users.

Underlying Issue:

The value of the doctor parameter is inserted directly into the JavaScript code without being sanitized first; thus ' closes the JS variable value, and then we insert our own alert command and can easily leak the cookie of the users.


The value must be sanitized first with proper escaping.

P3 Medium

Endpoint: /doctors.php

Parameter: doctor

Payload: %27-alert(document.location)-%27

FirstBlood ID: 47
Vulnerability Type: Reflective XSS

The endpoint /doctors.php is vulnerable to reflective XSS via the ?doctor= parameter
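
The escaping the report calls for, shown for the JavaScript string context it describes. This is an added example, not FirstBlood's code: `renderVulnerable` is a constructed stand-in for the unseen doctors.php template, and the function names and the example.test URL are assumptions.

```javascript
// Constructed stand-in for the server-side template. The real doctors.php
// source is not shown on the page; the report only says ?doctor= lands
// inside a single-quoted JavaScript value.
function renderVulnerable(doctor) {
  return `var doctor = '${doctor}';`;
}

// Encode a value as a JavaScript string literal for an inline <script>.
// JSON.stringify escapes double quotes, backslashes and control characters;
// the replacements below also neutralise characters that matter to the HTML
// parser (</script>, <!--), the single quote, and U+2028/U+2029.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/'/g, '\\u0027')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderHardened(doctor) {
  return `var doctor = ${jsStringLiteral(doctor)};`;
}

// Evaluate the generated script with stub alert/document objects and report
// whether injected code ran and what value the variable ended up with.
function evaluate(script) {
  let alertCalls = 0;
  const alertStub = () => { alertCalls += 1; };
  const documentStub = { location: 'https://example.test/doctors.php' };
  const run = new Function('alert', 'document', `${script}\nreturn doctor;`);
  const doctor = run(alertStub, documentStub);
  return { alertCalls, doctor };
}

// Payload from the report, URL-decoded as the server receives it.
const payload = decodeURIComponent('%27-alert(document.location)-%27');

const before = evaluate(renderVulnerable(payload));
const after = evaluate(renderHardened(payload));
console.log('vulnerable:', before); // alert stub fires, value is NaN
console.log('hardened:  ', after);  // no call, value is the literal payload
```

In PHP the same output encoding is available through `json_encode()` with the `JSON_HEX_TAG`, `JSON_HEX_AMP`, `JSON_HEX_APOS` and `JSON_HEX_QUOT` flags.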