FirstBlood-#1289: Reflected XSS on /drpanel/edit-doctor.php endpoint in the `id` parameter
This issue was discovered on FirstBlood v3

On 2022-12-09, mr_xhunt (Level 8) reported:


While editing the doctor's data, there is an id parameter, but we can input any other character and it is reflected in the source, and then I bypassed it to get XSS.

Steps to Reproduce:

  1. Visit the following link with the payload [note: you need to be logged in as admin] :;//


The attacker can leak the user's cookie and take over their account.

Underlying Issue

The id value is being reflected in the source without being sanitized first.


The parameter value must be sanitized before redirect.

P3 Medium

Endpoint: /drpanel/edit-doctor.php

Parameter: id

Payload: ')" autofocus onfocusin=alert(document.cookie);//

FirstBlood ID: 63
Vulnerability Type: Reflective XSS

The endpoint /edit-doctors.php is vulnerable to reflective XSS via the ?id parameter
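
The fix described above, shown as an added example that is not part of the report or of FirstBlood's code: the `id` value is validated as an integer and encoded for the attribute context before it is written into the page. The markup, the function names and the sample id `2` are assumptions, since the page does not show the endpoint's source; the code needs PHP 8.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept only a positive integer as the id.
function parse_doctor_id(mixed $raw): ?int
{
    if (!is_string($raw)) {            // e.g. ?id[]=1 arrives as an array
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Before (assumed markup): raw value concatenated into a quoted attribute.
function render_unsafe(string $raw): string
{
    return '<input type="hidden" name="id" value="' . $raw . '">';
}

// After: emit only the validated integer, and still encode for the attribute
// context so the output stays safe if the type check is ever loosened.
function render_safe(mixed $raw): ?string
{
    $id = parse_doctor_id($raw);
    if ($id === null) {
        return null;                   // caller answers 400 and reflects nothing
    }
    $attr = htmlspecialchars((string) $id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="id" value="' . $attr . '">';
}

// Payload string as given in the report above.
$payload = '\')" autofocus onfocusin=alert(document.cookie);//';

// The double quote in the payload ends the value attribute, so the rest is
// parsed as new attributes on the element.
var_dump(str_contains(render_unsafe($payload), '" autofocus onfocusin='));
var_dump(render_safe($payload));       // non-integer input is rejected
var_dump(render_safe('2'));            // constructed sample id
// Encoding alone also keeps the payload inside the attribute value.
var_dump(htmlspecialchars($payload, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
```

If the value is ever placed inside inline JavaScript in an attribute, HTML encoding alone is not enough, because the browser decodes entities before the script runs; the integer check is what keeps that context safe.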