FirstBlood-#454 — [COLLAB] Reflected XSS via login endpoint
This issue was discovered on FirstBlood v2
On 2021-10-25, amec0e Level 3 reported:
I was checking over previous reports and I noticed "Patrice" didn't quite patch one vulnerability, which was the reflected XSS via the goto parameter on the login endpoint. Using nearly the exact same payload we can achieve a reflected XSS.
Steps to Reproduce:
Visit the endpoint
Append the following parameter and payload to the URL:
Press enter and observe the payload trigger.
In Collaboration with thebinarybot
FirstBlood ID: 26
Vulnerability Type: Reflective XSS
The developers thought they had fixed ?goto= when reflected in an input tag on login.php from a similar bug (ID 39), but because this endpoint uses legacy code their changes were not applied here and thus the XSS was forgotten.
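The root cause described above is a value reflected into an HTML attribute without attribute-context encoding, plus a second (legacy) code path that the earlier fix never reached. The following is an added illustration, not FirstBlood's own login.php: it shows the vulnerable reflection pattern beside a hardened version, a simple same-site restriction on the redirect target, and a regression check that should be run against every code path that reflects the parameter. The hidden-field name, the helper names and the test string are assumptions for illustration.

```php
<?php
// Added example (not FirstBlood's code). Models the bug behind ID 26 / ID 39:
// the ?goto= parameter is reflected inside an <input> tag on login.php.

// Vulnerable pattern: the raw parameter is concatenated into a double-quoted
// attribute, so a value containing a double quote closes the attribute and
// whatever follows is parsed as further markup.
function render_goto_vulnerable(string $goto): string
{
    return '<input type="hidden" name="goto" value="' . $goto . '">';
}

// Hardened pattern: encode for the HTML attribute context.
// ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of silently returning an empty string.
function render_goto_safe(string $goto): string
{
    $encoded = htmlspecialchars($goto, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="goto" value="' . $encoded . '">';
}

// Defence in depth (assumption: the site only ever needs local redirects):
// accept only a plain relative path, which also removes open-redirect use of
// the same parameter. Absolute and protocol-relative URLs fall back to "/".
function normalise_goto(string $goto): string
{
    if ($goto === '' || $goto[0] !== '/' || substr($goto, 0, 2) === '//') {
        return '/';
    }
    return $goto;
}

// Regression check: feed a constructed string containing the attribute
// delimiter and confirm the only double quotes left in the output are the
// two that wrap the value. Run this against every endpoint that reflects
// goto, including legacy ones, since the ID 39 fix missed this path.
function check_attribute_escaping(callable $renderer): bool
{
    $probe = 'a" b="c';                    // constructed test input, not the report's payload
    $out   = $renderer($probe);
    return substr_count($out, '"') === 2 && strpos($out, '&quot;') !== false;
}

// Request handling: normalise first, then encode at the point of output.
$goto = isset($_GET['goto']) ? (string) $_GET['goto'] : '/';
echo render_goto_safe(normalise_goto($goto));

// check_attribute_escaping('render_goto_vulnerable') returns false (four quotes in output)
// check_attribute_escaping('render_goto_safe') returns true
```

The check is deliberately written to take the renderer as a parameter so the same assertion can be pointed at each page that emits the field; a fix that lands in one shared template but not in a legacy copy is exactly what this report found, and a per-endpoint test is the cheapest way to catch it.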