FirstBlood-#121 — Reflected XSS via Javascript Scheme
This issue was discovered on FirstBlood v1
On 2021-05-10, smhtahsin33 Level 3 reported:
Getting started
Learn about vulnerability types 
Getting started in bug bounties 
Test your knowledge
Free Web Application Challenges
Guides for your hunts 
ZSeano's Methodology
Effective Note Taking for bug bounties
Useful Resources 
Disclosed HackerOne Reports 
Our community
Endorsed Members
Hackevents 
Member Articles
Hello,
I Found a Reflected XSS on http://firstbloodhackers.com:49394/login.php via the go back to previous url functionality. The Parameter ?ref=
is vulnerable to Open Redirection & Reflected XSS at the same time :)
Steps To Reproduce:
- Visit http://firstbloodhackers.com:49394/login.php?ref=jav%09ascript:confirm`xss`;
- Click on the Return to Previous Page Button.
- The javascript will be executed.
Impact:
Malicious Javascript Injection
P3 Medium
Endpoint: http://firstbloodhackers.com:49394/login.php
Parameter: ?ref=
Payload: jav%09ascript:confirm`xss`;
FirstBlood ID: 3
Vulnerability Type: Reflective XSS
The parameter "ref" is vulnerable to XSS on login.php. The developer has tried to prevent a malicious actor from redirecting to a javascript URI but the attempt to stop this was poor and thus it can be bypassed.
Report Feedback
Creator & Administrator
Nice find again :)