FirstBlood-#430: Reflective XSS on register.php with user interaction
This issue was discovered on FirstBlood v2.0.0 (issues patched)



On 2021-10-25, shivam18u Level 3 reported:

Hi Sean,

I found a reflective XSS which can be triggered with user interaction.

By visiting the link https://20380f62fd41-shivam18u.a.firstbloodhackers.com/register.php?ref=ja%0Avasc%0Aript:alert(document.domain) and clicking on Return to previous page, the XSS can be triggered.

You can see the link in the bottom left corner after hovering the mouse over the Return to previous page button.

The hacker can use social engineering to make the victim click on the Return to previous page button.

Have a nice day!

P3 Medium

Endpoint: /register.php

Parameter: ref

Payload: ja%0Avasc%0Aript:alert(document.domain)


FirstBlood ID: 32
Vulnerability Type: Reflective XSS

The ?ref parameter on register.php was poorly fixed and the fix can be bypassed in several ways. First, the developer compared the value against the blocked string without normalising case (no strtolower()), so a mixed-case scheme such as JavaScript: passes the check. Second, the comparison runs on the raw decoded string, while browsers strip ASCII tab and newline characters from a URL before parsing it, so inserting %09 (tab) or %0A (newline, as in the reported payload) inside the scheme also bypasses the filter while the link still executes as javascript: when clicked.
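The following is an added example, not FirstBlood's own code, that reproduces the two bypasses described in the fix note and shows a hardened check. It assumes the weak register.php filter was a case-sensitive substring test for "javascript:" on the raw, URL-decoded parameter (the page does not show the original PHP). Node's WHATWG-compliant URL parser is used to stand in for the browser: like a browser's href handling, it removes ASCII tab/newline and lower-cases the scheme before deciding where the link goes. The payload list and ORIGIN value are constructed for the demonstration.

```javascript
// Added example (not FirstBlood's code). Simulates the assumed weak ?ref
// check on register.php, shows how the browser interprets what it lets
// through, and contrasts a hardened same-origin allowlist.

const ORIGIN = "https://20380f62fd41-shivam18u.a.firstbloodhackers.com";

// Constructed inputs, already URL-decoded as PHP's $_GET['ref'] would be.
// The report's %0A is the literal "\n" here; the fix note's %09 is "\t".
const PAYLOADS = [
  "javascript:alert(document.domain)",     // caught by the weak check
  "JavaScript:alert(document.domain)",     // case bypass (no strtolower())
  "ja\nvasc\nript:alert(document.domain)", // the reported %0A bypass
  "ja\tvascript:alert(document.domain)",   // the %09 bypass from the fix note
  "/login.php",                            // legitimate relative link
  "https://evil.example/phish",            // off-site link, should be rejected
];

// Assumed weak filter: case-sensitive substring test on the raw value,
// no canonicalisation, falls back to "/" only on an exact-case hit.
function weakRefFilter(ref) {
  return ref.indexOf("javascript:") === -1 ? ref : "/";
}

// What a browser does with href=<ref>: the WHATWG URL parser strips
// ASCII tab/LF/CR and lower-cases the scheme, so a split or mixed-case
// "javascript:" comes out as a plain javascript: URL.
function effectiveScheme(ref) {
  try {
    return new URL(ref, ORIGIN).protocol;
  } catch {
    return null; // unparsable: the browser would not navigate
  }
}

// Hardened filter: canonicalise first, then accept only https links to
// our own origin, and emit path+query only so no scheme reaches the href.
function safeRefFilter(ref) {
  let url;
  try {
    url = new URL(ref, ORIGIN);
  } catch {
    return "/";
  }
  if (url.protocol !== "https:" || url.origin !== ORIGIN) {
    return "/";
  }
  return url.pathname + url.search;
}

for (const p of PAYLOADS) {
  const passed = weakRefFilter(p);
  console.log(JSON.stringify(p), {
    weakFilterOutput: passed,
    schemeBrowserSees: effectiveScheme(passed),
    safeFilterOutput: safeRefFilter(p),
  });
}
```

The weak filter lets three of the four javascript: variants through unchanged, and effectiveScheme() shows that the browser resolves every one of them to a javascript: URL. The hardened version never reasons about the raw string: it parses the value the way the browser will, rejects anything that is not a same-origin https target, and rebuilds the link from path and query alone, so the scheme the user supplied can never be written into the href.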