FirstBlood #1517: Reflected XSS on edit-doctor.php
This issue was discovered on FirstBlood v3
On 2022-12-10, didsec Level 5 reported:

Hi there,

I found a reflected XSS on edit-doctor.php.

The parameter id is missing sanitization.

Payload

"><svg/onload=alert(document.domain)>

Steps To Reproduce

  1. Login to drpanel
  2. Visit firstbloodhackers.com/drpanel/edit-doctor.php?id="><svg/onload=alert(document.domain)>

This parameter is reflected in 3 places on the edit-doctor page, so the XSS will execute 3 times.

Impact

  • Perform any action within the application that the user can perform.
  • View any information that the user is able to view.
  • Modify any information that the user is able to modify.
  • Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
  • Steal the user's cookie.

Remediation

  • Encode special characters like ' " < >

Supporting Material/References:

P3 Medium

Endpoint: /drpanel/edit-doctor.php

Parameter: id

Payload: "><svg/onload=alert(document.domain)>
FirstBlood ID: 63
Vulnerability Type: Reflective XSS

The endpoint /edit-doctors.php is vulnerable to reflective XSS via the ?id parameter.
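As an added illustration of the remediation bullet above (this is not FirstBlood's own edit-doctor.php and not part of didsec's report), a stand-in page that reflects the id parameter three times, first raw as the report describes, then with the output encoding the remediation asks for; it goes one step further than the report by also rejecting non-integer ids. The markup, the function names and the assumption that doctor ids are numeric are mine, not the application's.

```php
<?php
// Added illustration, not FirstBlood's source. The three reflection points
// below are assumed; the report only says the id is reflected three times.
declare(strict_types=1);

// Constructed input: the payload from the report, used when no ?id= is given.
$id = (string) ($_GET['id'] ?? '"><svg/onload=alert(document.domain)>');

// BEFORE: raw reflection. In value="..." the leading "> closes the attribute,
// and the <svg onload=...> that follows becomes live markup at every spot.
function render_vulnerable(string $id): string
{
    return '<input type="hidden" name="id" value="' . $id . '">' . "\n"
         . '<h2>Editing doctor ' . $id . '</h2>' . "\n"
         . '<a href="/drpanel/edit-doctor.php?id=' . $id . '">Reload</a>';
}

// AFTER (the remediation from the report): encode ' " < > & for HTML context
// at every reflection point, so the payload is rendered as text, not markup.
function render_fixed(string $id): string
{
    $safe = htmlspecialchars($id, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="hidden" name="id" value="' . $safe . '">' . "\n"
         . '<h2>Editing doctor ' . $safe . '</h2>' . "\n"
         . '<a href="/drpanel/edit-doctor.php?id=' . $safe . '">Reload</a>';
}

// Extra defence (assumption: a doctor id is always an integer): reject anything
// else before it reaches the template at all. Encoding is still applied.
function is_valid_doctor_id(string $id): bool
{
    return filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) !== false;
}

echo "--- vulnerable ---\n", render_vulnerable($id), "\n\n";
echo "--- encoded ---\n", render_fixed($id), "\n\n";
echo "--- validated ---\n";
if (!is_valid_doctor_id($id)) {
    http_response_code(400);
    echo "400 Bad Request: id must be a positive integer\n";
} else {
    echo render_fixed($id), "\n";
}
```

Run it from the command line with no arguments to see the report's payload pass through raw, then as `&quot;&gt;&lt;svg/onload=alert(document.domain)&gt;`, then rejected; on a web server, `?id=42` renders normally in every variant.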