Reflected xss on edit-doctor.php

FirstBlood-#1517 — Reflected xss on edit-doctor.php
This issue was discovered on FirstBlood v3

This report has been reviewed and accepted as a valid vulnerability on FirstBlood!

On 2022-12-10, didsec Level 5 reported:


        Hi There
I found a reflected XSS on edit-doctor.php.
The parameter id is missing sensitization
Payload
"><svg/onload=alert(document.domain)>
Steps To Reproduce

Login to drpanel
Visit firstbloodhackers.com/drpanel/edit-doctor.php?id="><svg/onload=alert(document.domain)>

This parameter is reflected in 3 places on the edit-doctor page so the xss will execute 3 times
Impact

Perform any action within the application that the user can perform.
View any information that the user is able to view.
Modify any information that the user is able to modify.
Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user..
Steal user's cookie. 

Remediation

encode special characters like ' " < >

Supporting Material/References:

https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)

This report has been publicly disclosed for everyone to view

P3 Medium

Endpoint: /drpanel/edit-doctor.php

Parameter: id

Payload: "><svg/onload=alert(document.domain)>

FirstBlood ID: 63
Vulnerability Type: Reflective XSS

The endpoint /edit-doctors.php is vulnerable to reflective XSS via the ?id parameter

BugBountyHunter

Payload

Steps To Reproduce

Impact

Remediation

Supporting Material/References: