FirstBlood-#628 — Reflected XSS on Login.php goto parameter
This issue was discovered on FirstBlood v2.0.0 (issues patched)
On 2021-10-26, sumyth Level 2 reported:
Please find a brief description of the vulnerability below,
Steps to Reproduce:
- Visit the vulnerable endpoint. Add the 'goto=' parameter to the URL along with payload and send the request to server.
FirstBlood ID: 39
Vulnerability Type: Reflective XSS
Our mistake: The parameter "goto" on login.php should of been "fixed" when redirecting to prevent XSS but due to an oversight from Sean and Karl, the new code did not make it into production. This has since updated since the event ended and you're recommended to re-try. It's related to bug
ID 26 because the idea was developers fixed *this* one (when redirecting) but forgot the other reflection.