FirstBlood-#1289 Reflected XSS on /drpanel/edit-doctor.php endpoint in the `id` parameter
This issue was discovered on FirstBlood v3

On 2022-12-09, mr_xhunt Level 8 reported:

Summary:

While editing the doctors' data there is an `id` parameter, but we can input any other character and it is reflected in the source; I then bypassed it to get XSS.

Steps to Reproduce:

  1. Visit the following link with the payload [note: you need to be logged in as admin]:

    https://7cac14721157-mrxhunt.a.firstbloodhackers.com/drpanel/edit-doctor.php?id=%27)%22%20autofocus%20onfocusin=alert(document.cookie);//

Impact:

The attacker can leak the users' cookies and take over their accounts.

Underlying Issue

The id value is being reflected in the source without being sanitized first

Remediation:

The parameter value must be sanitized before redirect.

P3 Medium

Endpoint: /drpanel/edit-doctor.php

Parameter: id

Payload: ')" autofocus onfocusin=alert(document.cookie);//


FirstBlood ID: 63
Vulnerability Type: Reflective XSS

The endpoint /edit-doctors.php is vulnerable to reflective XSS via the ?id parameter
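The fix the report asks for is context-aware output encoding plus validation of `id` before it is reflected. The following Python is an added example, not FirstBlood's code (the real endpoint is PHP, where the equivalent encoding call is `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')`). The shape of the sink (`loadDoctor('...')` inside a quoted attribute) is an assumption chosen to match the `')"` prefix of the reported payload; the report does not show the source. It parses the `id` value out of the report's URL the way the server sees it, renders it through the assumed vulnerable template and through a hardened one, and uses an HTML parser to check which attributes actually come out of each, which is the regression check a defender wants after the fix.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Request URL from the report (host and payload as quoted on the page).
REPORT_URL = ("https://7cac14721157-mrxhunt.a.firstbloodhackers.com"
              "/drpanel/edit-doctor.php"
              "?id=%27)%22%20autofocus%20onfocusin=alert(document.cookie);//")


def id_param(url: str) -> str:
    """Return the decoded `id` query value, i.e. the string the server reflects."""
    query = url.split("?", 1)[1] if "?" in url else ""
    for pair in query.split("&"):
        name, _, value = pair.partition("=")   # split on the first '=' only
        if name == "id":
            return unquote(value)
    return ""


def render_vulnerable(doctor_id: str) -> str:
    """Assumed sink (hypothetical, the report shows no PHP source): the id is
    dropped unencoded into a quoted attribute. A leading ')" closes that
    attribute and everything after it is parsed as new attributes."""
    return f'<button onclick="loadDoctor(\'{doctor_id}\')">Edit</button>'


def is_valid_doctor_id(doctor_id: str) -> bool:
    """Allow-list validation: a doctor id is a short decimal integer."""
    return re.fullmatch(r"[0-9]{1,10}", doctor_id) is not None


def encode_for_attribute(value: str) -> str:
    """HTML attribute encoding. quote=True also encodes ' and ", so the value
    can never terminate the attribute it is placed in."""
    return html.escape(value, quote=True)


def render_hardened(doctor_id: str) -> str:
    """Validate first, encode second, and keep the value out of inline event
    handlers entirely by placing it in a data attribute."""
    if not is_valid_doctor_id(doctor_id):
        raise ValueError("rejecting non-numeric doctor id")
    return f'<button data-doctor-id="{encode_for_attribute(doctor_id)}">Edit</button>'


class _AttrCollector(HTMLParser):
    """Collects (name, value) for every attribute the parser sees."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: list = []

    def handle_starttag(self, tag, attrs):
        self.attrs.extend(attrs)


def parsed_attributes(markup: str) -> list:
    parser = _AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def event_handler_attrs(markup: str) -> list:
    """Regression check: names of on* attributes that actually parse out of
    the markup. For a template with no handlers this must be empty."""
    return [name for name, _ in parsed_attributes(markup) if name.startswith("on")]


if __name__ == "__main__":
    raw = id_param(REPORT_URL)
    print("vulnerable ->", event_handler_attrs(render_vulnerable(raw)))
    encoded = f'<button data-doctor-id="{encode_for_attribute(raw)}">Edit</button>'
    print("encoded    ->", event_handler_attrs(encoded))
    print("hardened   ->", render_hardened("42"))
```

Encoding alone already stops the attribute break-out: the parser returns the payload as the string value of `data-doctor-id` and no `onfocusin` attribute. The allow-list is the second layer, since an identifier that is only ever numeric has no business being reflected as free text at all.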