FirstBlood-#258 — Reflected XSS on /login.php using ref parameter
This report has been reviewed and accepted as a valid vulnerability on FirstBlood!
On 2021-05-15, iffu reported:
I've found a Reflected XSS on /login.php on the parameter 'ref'.
How I found this bug
After playing around and having a look at all the endpoints, I observed that there's a parameter 'ref' being used to redirect the user after he logs out of his account on /logout.php.
Then, I thought, maybe this parameter is also being used on /login.php while logging in. Then I just appended this parameter on /login.php and then I observed that there's a reflection of the value of the input in the source code.
So, the final payload becomes j%0aava%0ascr%0aipt:onerror=prompt;throw%20document.cookie
Steps to Reproduce
- Visit /login.php and append a parameter 'ref' to the url.
- Now inject the payload in the value of the ref parameter.
- Now, click on the "Return to the previous page"
- You will be popped with an alert.
Thanks zseano and please let me know if you need any more info regarding this bug
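One way to handle a `ref`-style return parameter defensively, as an added example that is not part of the original report and not FirstBlood's code: the value is parsed the way a browser would parse it (tabs and newlines are removed before the scheme is read, which is why the newline-split scheme above still resolves to `javascript:`), and only a same-origin path is emitted. `APP_ORIGIN`, the function names, the sample paths, and the assumption that the value lands in an `<a href>` are all hypothetical.

```javascript
// Added example, not FirstBlood's code. APP_ORIGIN is a placeholder origin.
const APP_ORIGIN = "https://app.example";

// Return a same-origin path for `ref`, or `fallback` when `ref` is unsafe.
function safeReturnTarget(ref, fallback = "/") {
  if (typeof ref !== "string" || ref === "") return fallback;
  let url;
  try {
    // The WHATWG URL parser strips ASCII tabs and newlines before it reads
    // the scheme, so "j\nava\nscr\nipt:" parses as "javascript:" here,
    // exactly as it would when a browser follows the link.
    url = new URL(ref, APP_ORIGIN);
  } catch {
    return fallback;
  }
  // Reject javascript:, data:, blob: and any other non-web scheme.
  if (url.protocol !== "https:" && url.protocol !== "http:") return fallback;
  // Reject absolute and scheme-relative URLs that point at another host.
  if (url.origin !== APP_ORIGIN) return fallback;
  // Emit the normalised path only, never the raw input.
  return url.pathname + url.search + url.hash;
}

// Encode characters that could break out of a quoted HTML attribute.
function escapeAttr(value) {
  return value.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Build the link with the validated, escaped target (markup is an assumption).
function renderReturnLink(ref) {
  const href = escapeAttr(safeReturnTarget(ref));
  return `<a href="${href}">Return to the previous page</a>`;
}
```

Validation and output encoding are both applied: the first decides where the link may point, the second keeps the value inside the attribute.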
This report has been publicly disclosed for everyone to view
FirstBlood ID: 3
Vulnerability Type: Reflective XSS
Respect Earnt: 1500000