FirstBlood-#403 — Reflected XSS at Register.php
This issue was discovered on FirstBlood v2
On 2021-10-25, mrrootsec Level 2 reported:
Hello Zseano, hope you are doing well.
On Firstbloodv2, at the /register.php endpoint, the ref parameter is accepting user input without proper filtering.
Steps to reproduce the issue:
Navigate to https://60a81d3c72d0-mrrootsec.a.firstbloodhackers.com/register.php
At the end of the URL, add the accepted parameters along with XSS payloads like below
Click on Return to previous page
The alert will pop up.
- As an attacker I can steal user session cookies, including those of an administrative account, and the attacker can gain administrative access to the entire application. Sometimes this vulnerability can lead to credential theft and sensitive data leakage.
Remediation / Fix:
Implement input validation: input validation is the process of ensuring that a web application returns only trusted and proper data in order to prevent malicious data from entering the system and causing harm to the site, users, and database.
Another great way of mitigating the impact of an XSS flaw can be implementing a robust Content Security Policy.
Use security headers: set the X-XSS-Protection header to "X-XSS-Protection: 0" to disable the XSS Auditor, preventing it from overriding the browser's default handling of responses.
Thanks and Regards - MOHAMMAD SAQLAIN
FirstBlood ID: 32
Vulnerability Type: Reflective XSS
The ?ref parameter on register.php was poorly fixed and the fix can be bypassed in several ways. First, the developer failed to call strtolower() before comparing strings, so a mixed-case payload gets past the case-sensitive check. Second, inserting characters such as %09 (a tab) into the payload also bypasses the filter, because the browser removes tabs and newlines from a URL before it parses the scheme, while the server-side string comparison sees them as ordinary characters.
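As an added example, not FirstBlood's code or the reporter's, the following Python models the two bypasses above against a reconstructed case-sensitive substring blocklist (an assumption about what the filter looked like; the values are taken as PHP's $_GET would hand them over, already percent-decoded, so %09 arrives as a literal tab) and shows a check that normalises the way a browser's URL parser does before applying an allowlist. The FALLBACK path and the render_back_link helper are assumptions added for illustration.

```python
# Added example for this page (not FirstBlood's code): a case-sensitive
# substring blocklist on a return-URL parameter beside an allowlist check
# that survives the mixed-case and %09 (tab) bypasses.
import html
import re
from urllib.parse import urlsplit

FALLBACK = "/"  # assumption: where the back link goes when ref is rejected


def naive_is_safe(ref: str) -> bool:
    """Reconstruction (assumption) of the poorly fixed filter: a case-sensitive
    substring match on the percent-decoded value, with no strtolower()."""
    return "javascript:" not in ref


def browser_view(ref: str) -> str:
    """Approximate what the browser's URL parser does to an href before it
    reads the scheme (WHATWG URL: strip leading/trailing C0 controls and
    space, drop tab, LF and CR anywhere), then lower-case it, since schemes
    are case-insensitive. This is the view the server-side check must use."""
    c0_and_space = "".join(chr(c) for c in range(0x21))
    value = ref.strip(c0_and_space)
    value = re.sub(r"[\t\n\r]", "", value)
    return value.lower()


def hardened_is_safe(ref: str) -> bool:
    """Allowlist instead of blocklist: accept only a same-origin absolute path."""
    value = browser_view(ref)
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        return False  # javascript:, data:, http://evil.example, ...
    # "//host" is protocol-relative; browsers treat "/\host" the same way
    return value.startswith("/") and not value.startswith(("//", "/\\"))


def render_back_link(ref: str) -> str:
    """Build the 'Return to previous page' anchor. Attribute escaping alone
    would not help here: the scheme, not markup, is the problem."""
    target = ref if hardened_is_safe(ref) else FALLBACK
    return '<a href="%s">Return to previous page</a>' % html.escape(target, quote=True)


if __name__ == "__main__":
    for payload in ("javascript:alert(1)", "JAVASCRIPT:alert(1)", "java\tscript:alert(1)", "/login.php"):
        print(repr(payload), "naive:", naive_is_safe(payload), "hardened:", hardened_is_safe(payload))
```

The naive check rejects only the exact lowercase string, so both `JAVASCRIPT:alert(1)` and `java<TAB>script:alert(1)` pass it and still execute once the browser strips the tab and lower-cases the scheme. The hardened check normalises first and then refuses anything that is not a path on the same origin, which also closes the open-redirect variants (`//evil.example/`, `/\evil.example/`) that a blocklist of schemes never covers.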