FirstBlood-#121Reflected XSS via Javascript Scheme
This issue was discovered on FirstBlood v1

On 2021-05-10, smhtahsin33 Level 3 reported:


I Found a Reflected XSS on via the go back to previous url functionality. The Parameter ?ref= is vulnerable to Open Redirection & Reflected XSS at the same time :)

Steps To Reproduce:

  1. Visit`xss`;
  2. Click on the Return to Previous Page Button.
  3. The javascript will be executed.

Impact: Malicious Javascript Injection

P3 Medium


Parameter: ?ref=

Payload: jav%09ascript:confirm`xss`;

FirstBlood ID: 3
Vulnerability Type: Reflective XSS

The parameter "ref" is vulnerable to XSS on login.php. The developer has tried to prevent a malicious actor from redirecting to a javascript URI but the attempt to stop this was poor and thus it can be bypassed.

Report Feedback


Creator & Administrator

Nice find again :)