Reflected xss on doctors.php

FirstBlood-#1201 — Reflected xss on doctors.php
This issue was discovered on FirstBlood v3

This report has been reviewed and accepted as a valid vulnerability on FirstBlood!

On 2022-12-08, didsec Level 5 reported:


Hi There
I found a reflected XSS on doctors.php. 
The parameter doctor is missing sensitization
Payload
';alert(1)//
Steps To Reproduce
Go to:

https://firstbloodhackers.com/doctors.php?doctor=';alert(1)//

Impact

Perform any action within the application that the user can perform.
View any information that the user is able to view.
Modify any information that the user is able to modify.
Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user..
Steal user's cookie. 

Remediation

encode special characters like ' " < >

Supporting Material/References:

https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)

This report has been publicly disclosed for everyone to view

P3 Medium

Endpoint: /doctors.php

Parameter: doctor

Payload: ';alert(1)//

FirstBlood ID: 47
Vulnerability Type: Reflective XSS

The endpoint /doctors.php is vulnerable to reflective XSS via the ?doctor= parameter

BugBountyHunter

Payload

Steps To Reproduce

Impact

Remediation

Supporting Material/References: