FirstBlood-#219DOM XSS
This issue was discovered on FirstBlood v1



On 2021-05-12, smhtahsin33 Level 3 reported:

Hello, Found a DOM xss on /register.php

Steps To Reproduce:

  1. Visit http://firstbloodhackers.com:49585/register.php?ref=javascript:confirm();
  2. Click on Return to previous page
  3. The alert will pop up :D

Impact: Javascript Code Execution

P3 Medium

Endpoint: /register.php

Parameter: ?ref=

Payload: javascript:confirm();


FirstBlood ID: 16
Vulnerability Type: Reflective XSS

The parameter "ref" is vulnerable to XSS on register.php. The developers failed to filter javascript: when used on "return to previous page"