FirstBlood-#119 — POST Based Reflected XSS on Login
This issue was discovered on FirstBlood v1
On 2021-05-10, smhtahsin33 Level 3 reported:
Hello,
I found a reflected XSS on http://firstbloodhackers.com:49394/login.php?action=login.
Steps To Reproduce:
- Visit http://firstbloodhackers.com:49394/login.php?goto=javascript:confirm``;
- Enter Valid Credentials
- Tap on login, and the alert will be popped up.
Impact:
Injection of malicious JS code
P3 Medium
Endpoint: http://firstbloodhackers.com:49394/login.php?action=login
Parameter: ?goto=
Payload: javascript:confirm``;
FirstBlood ID: 14
Vulnerability Type: Reflective XSS
The parameter "goto" on login.php is vulnerable to XSS: the web application fails to filter the javascript: URI when redirecting.
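One way to validate the redirect value before it is used, shown as an added example and not FirstBlood's own code. It is written in JavaScript so the check uses the same URL parsing a browser applies, and it assumes the application redirects to the value of goto after login; `safeRedirectTarget`, `APP_ORIGIN` and `FALLBACK` are hypothetical names.

```javascript
// Added example: allow-list validation for a post-login redirect parameter.
// APP_ORIGIN and FALLBACK are constructed placeholders, not values from the report.
const APP_ORIGIN = "https://app.example";
const FALLBACK = "/";

// Returns a same-origin path (path + query + fragment) that is safe to
// redirect to, or FALLBACK when the supplied value is anything else.
function safeRedirectTarget(raw, appOrigin = APP_ORIGIN) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;

  let url;
  try {
    // Resolve the way a browser would: the WHATWG parser strips leading
    // whitespace and embedded tabs/newlines, and treats "\" as "/" for
    // http(s), so obfuscated schemes and hosts are normalised before checks.
    url = new URL(raw, appOrigin + "/login.php");
  } catch (e) {
    return FALLBACK;
  }

  // Allow-list the scheme rather than block-listing "javascript:".
  if (url.protocol !== "http:" && url.protocol !== "https:") return FALLBACK;

  // Same origin only: rejects //host, /\host and absolute off-site URLs.
  if (url.origin !== new URL(appOrigin).origin) return FALLBACK;

  // "/.//host" normalises to the path "//host", which would be read as a
  // protocol-relative URL once emitted on its own, so refuse it.
  if (url.pathname.startsWith("//")) return FALLBACK;

  // Hand back only the local part, never a full URL taken from user input.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs; the first is the payload from the report.
const samples = [
  "javascript:confirm``;",
  " JavaScript:confirm``",
  "java\tscript:confirm``",
  "//other.example/panel",
  "/\\other.example/panel",
  "/.//other.example/panel",
  "/panel.php?tab=1",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
}
```

Only the last sample survives unchanged; every other input falls back to "/".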