FirstBlood-#1678 — 3 stored XSS in meet_drs.php
This issue was discovered on FirstBlood v3
On 2022-12-13, twsec Level 2 reported:
Hi Sean, I found 3 stored XSS in meet_drs.php in the fields: name, tagline, and bio.
Steps to reproduce:
1- In /api/managedoctors.php, modify the data you want and, in the fields name, tagline, and bio, insert some JavaScript. Add the payload as seen in the image.

Notice that such code didn't execute in edit-doctor.php.

2- Go to /meet_drs.php and you'll see 3 consecutive XSS execute.

Check the source of the page with developer tools and you'll see the 3 stored XSS.
P2 High
This report contains multiple vulnerabilities:
FirstBlood ID: 75
Vulnerability Type: Access_control
An unauthenticated user can modify doctors via a PUT request on the /api/managedoctors.php endpoint
FirstBlood ID: 70
Vulnerability Type: Stored XSS
Doctors can have taglines set; however, the tagline is vulnerable to stored XSS on meet_drs.php
FirstBlood ID: 74
Vulnerability Type: Stored XSS
It is possible to achieve stored XSS via the doctor's bio on about.php (doctor ID 3) and meet_drs.php (only doctor IDs 1 and 2 are affected)
FirstBlood ID: 54
Vulnerability Type: Stored XSS
It is possible to achieve stored XSS on the /meet_drs.php endpoint via a malicious doctor's name
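The three stored XSS findings above share one root cause on the rendering side: meet_drs.php writes the stored name, tagline and bio straight into the page, and the unauthenticated PUT on /api/managedoctors.php (FirstBlood ID 75) is what lets anyone put markup there. The following is an added example written for this page, not FirstBlood's own code. It models a hypothetical doctor-card renderer (function names, HTML layout and the sample record are assumptions; only the three field names come from the report), shows the vulnerable form beside the hardened one, and includes a DOM-based check that a reviewer can run against the rendered HTML to see whether any script element or on* handler attribute survived.

```php
<?php
// Added example, not FirstBlood's code. A hypothetical renderer for the
// doctor cards on meet_drs.php: vulnerable form, hardened form, and a check.
declare(strict_types=1);

// Constructed sample record, representing what an unauthenticated PUT to
// /api/managedoctors.php could leave in the database. The payloads are
// constructed for this example; one per field, in three different contexts.
const SAMPLE_DOCTOR = [
    'id'      => 1,
    'name'    => 'Dr Smith<script>alert("name")</script>',          // element body
    'tagline' => 'Caring for you" onmouseover="alert(\'tagline\')', // breaks out of an attribute
    'bio'     => '<img src=x onerror=alert("bio")>',                 // event handler in a tag
];

// Vulnerable: stored fields are interpolated straight into HTML, so any
// markup carried by the record becomes part of the page.
function render_doctor_vulnerable(array $doctor): string
{
    return '<div class="doctor">'
        . '<h3>' . $doctor['name'] . '</h3>'
        . '<p class="tagline" title="' . $doctor['tagline'] . '">' . $doctor['tagline'] . '</p>'
        . '<p class="bio">' . $doctor['bio'] . '</p>'
        . '</div>';
}

// Contextual output encoding for HTML element bodies and double-quoted
// attributes: <, >, &, " and ' are emitted as entities, so the browser
// treats the stored value as text rather than parsing it as markup.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened: identical layout, every stored field passes through h().
function render_doctor_hardened(array $doctor): string
{
    return '<div class="doctor">'
        . '<h3>' . h($doctor['name']) . '</h3>'
        . '<p class="tagline" title="' . h($doctor['tagline']) . '">' . h($doctor['tagline']) . '</p>'
        . '<p class="bio">' . h($doctor['bio']) . '</p>'
        . '</div>';
}

// Check: parse the rendered fragment the way a browser would and report
// whether a <script> element or any on* event-handler attribute exists.
// A plain string search is not enough here, because the escaped tagline
// still contains the text "onmouseover=" without it being an attribute.
function has_script_or_handler(string $html): bool
{
    libxml_use_internal_errors(true);          // tolerate fragment-level markup
    $dom = new DOMDocument();
    $dom->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();

    foreach ($dom->getElementsByTagName('*') as $el) {
        if (strtolower($el->tagName) === 'script') {
            return true;
        }
        foreach ($el->attributes as $attr) {
            if (stripos($attr->name, 'on') === 0) {
                return true;
            }
        }
    }
    return false;
}

$vuln = render_doctor_vulnerable(SAMPLE_DOCTOR);
$safe = render_doctor_hardened(SAMPLE_DOCTOR);

echo 'vulnerable render has script/handler: ' . var_export(has_script_or_handler($vuln), true) . "\n"; // true
echo 'hardened render has script/handler:   ' . var_export(has_script_or_handler($safe), true) . "\n"; // false
echo $safe . "\n";
```

The hardened renderer only closes the three rendering sinks; the PUT on /api/managedoctors.php still needs an authentication and authorisation check before it accepts changes, otherwise the stored fields remain attacker-controlled even if they no longer execute on meet_drs.php. Note also the reporter's observation that the same payloads did not fire on edit-doctor.php: that is what you would expect if that page already escapes the fields or renders them inside form controls, which is why each sink has to be checked on its own rather than assuming one safe page means the data is clean.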