FirstBlood-#121: Reflected XSS via Javascript Scheme



On 2021-05-10, smhtahsin33 reported:

Hello,

I found a Reflected XSS on http://firstbloodhackers.com:49394/login.php via the "go back to previous URL" functionality. The parameter ?ref= is vulnerable to Open Redirection & Reflected XSS at the same time :)

Steps To Reproduce:

  1. Visit http://firstbloodhackers.com:49394/login.php?ref=jav%09ascript:confirm`xss`;
  2. Click on the Return to Previous Page Button.
  3. The javascript will be executed.

Impact: Malicious Javascript Injection

P3 Medium

Endpoint: http://firstbloodhackers.com:49394/login.php

Parameter: ?ref=

Payload: jav%09ascript:confirm`xss`;


FirstBlood ID: 3
Vulnerability Type: Reflective XSS

The parameter "ref" is vulnerable to XSS on login.php. The developer tried to prevent a malicious actor from redirecting to a javascript: URI, but the attempt to stop this was poor, so it can be bypassed.
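
Added example, not code from the report or from the FirstBlood application: it shows why a literal-prefix check misses `jav%09ascript:` and what an allowlist validator for `ref` looks like. The blocklist function, the sample path and the `/` fallback are assumptions; the origin is the one given in the report.

```javascript
// Constructed example. SITE_ORIGIN is the origin shown in the report.
const SITE_ORIGIN = "http://firstbloodhackers.com:49394";

// Hypothetical blocklist check (an assumption, the real filter is not shown):
// rejects only values that literally begin with "javascript:".
function naiveIsSafe(ref) {
  return !ref.trim().toLowerCase().startsWith("javascript:");
}

// Scheme a browser resolves for an absolute URL. The WHATWG URL parser
// removes ASCII tab and newline characters before parsing, so a tab inside
// the scheme name does not change it.
function effectiveScheme(ref) {
  try {
    return new URL(ref).protocol;
  } catch {
    return null; // relative reference, no scheme of its own
  }
}

// Allowlist validator: accept only same-origin http(s) targets and return a
// normalized path for the link; anything else becomes the fallback.
function safeReturnPath(ref, fallback = "/") {
  // Reject control characters and backslashes outright instead of stripping.
  if (typeof ref !== "string" || /[\u0000-\u001f\u007f\\]/.test(ref)) return fallback;
  let url;
  try {
    url = new URL(ref, SITE_ORIGIN);
  } catch {
    return fallback;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return fallback;
  if (url.origin !== SITE_ORIGIN) return fallback;
  return url.pathname + url.search + url.hash;
}

// "%09" in the query string reaches the server decoded as a tab.
const reported = "jav\tascript:confirm`xss`;";
console.log(naiveIsSafe(reported));                 // blocklist verdict
console.log(effectiveScheme(reported));             // scheme the browser sees
console.log(safeReturnPath(reported));              // allowlist result
console.log(safeReturnPath("/account.php?tab=1"));  // constructed path
```

The value returned by `safeReturnPath` still has to be HTML-attribute-encoded when it is written into the link's `href`.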

Report Feedback

@zseano

Creator & Administrator


Nice find again :)


Respect Earnt: 1500000
RESPECT ($RSP) is an experimental cryptocurrency based on the Ethereum blockchain with the mission to show respect to those who deserve it. We are testing it out on our FirstBlood hackevent.