FirstBlood-#1701 — DoS on about.php, doctors.php and meet drs.php pages due on edit-dr.php
This issue was discovered on FirstBlood v3
On 2022-12-13, agentmellow Level 3 reported:
Lol this is a wierd one.. Due to me not being able to figure out the XSS on where these reflections are found (about.php, doctors.php, meet_drs.php). I was fuzzing and noticed (by blunder I might add) that '<!--' is being accepted as is which will make the page 'hang'.
Note that for a fine chain, CSRF on this form (or default creds) is sweet potatoes.. But.. We can also chain this with: https://www.bugbountyhunter.com/hackevents/report?id=1422 Which would DoS all login attempts via the /login.php to reset the rendered html. As well as the three other ones mentioned.
Steps to reproduce:
- On the POST /drpanel/drapi/edit-dr.php make sure to set: drid=3&name=<!-- as authenticated user.
- A 200 OK "Success! Your doctor has been modified." Should be returned.
- With your browser try to visit about.php, doctors.php and meet_drs.php
- Pages unable to load due to the reflection of the html closing tag not being filtered.
Im unsure if this is intended or not. Maybe its a separate bug ID vs the XSS that must exist on this parameter... If I find it another report shall follow! Cheers!
Even though this issue has been accepted as valid, no FirstBlood ID has been set for this report.
Creator & Administrator
This would be considered HTML injection without clear impact demonstrated and as such this report will be accepted as informative