FirstBlood-#565 — Reflected XSS inside ref parameter on /register.php
This issue was discovered on FirstBlood v2
On 2021-10-26, neolex Level 2 reported:
ref parameter is vulnerable to reflected XSS
The value is reflected inside an <a> tag inside the webpage.
Steps to reproduce
- Click on "Return to previous page" like the screenshot is showing
- The XSS is triggered
FirstBlood ID: 32
Vulnerability Type: Reflective XSS
The parameter ?ref on register.php was poorly fixed and can be bypassed in various ways. Firstly, the developer failed to use strtolower() when comparing strings, and the use of characters such as %09 will also bypass the filter.
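
One way to close the class of bypass described above, as an added example that is not FirstBlood's code: it contrasts a case-sensitive blocklist with an allowlist of same-site relative paths plus output encoding. The function names, the blocklisted string and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not FirstBlood code. Function names and the blocklist are hypothetical.

// Weak pattern the description implies: a case-sensitive blocklist comparison.
function weak_ref_filter(string $ref): bool
{
    // No strtolower() and no handling of control characters such as TAB (%09).
    return strpos($ref, 'javascript:') === false;
}

// Hardened form: allowlist same-site relative paths instead of blocklisting strings.
function safe_ref(string $ref, string $fallback = '/'): string
{
    // Reject control characters (TAB, CR, LF, ...); browsers drop TAB/CR/LF
    // while parsing a URL, so a filter that ignores them sees a different string.
    if (preg_match('/[\x00-\x1F\x7F]/', $ref)) {
        return $fallback;
    }
    // Accept only one leading slash followed by a conservative path/query charset.
    // This excludes every scheme ("x:"), protocol-relative "//host" and backslashes.
    if (!preg_match('#^/(?!/)[A-Za-z0-9_\-./?&=%]*$#', $ref)) {
        return $fallback;
    }
    return $ref;
}

// Output encoding is still applied at the point of reflection.
function render_back_link(string $ref): string
{
    $href = htmlspecialchars(safe_ref($ref), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $href . '">Return to previous page</a>';
}

// Constructed inputs: values as PHP sees them after URL decoding of ?ref=
$samples = [
    '/login.php',              // legitimate relative path
    'JavaScript:void(0)',      // mixed case defeats the case-sensitive compare
    "java\tscript:void(0)",    // TAB (%09) splits the blocked string
    '//example.invalid/',      // protocol-relative URL
];

foreach ($samples as $s) {
    printf("%-24s weak=%-5s safe=%s\n", json_encode($s),
        weak_ref_filter($s) ? 'pass' : 'block', safe_ref($s));
}
```

Only the first sample survives `safe_ref()` unchanged; the other three pass the weak filter but fall back to `/` under the allowlist.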