The Reflected XSS vulnerability occurs because `redirect.php` does not properly validate the value of the `url` parameter. Using `javascript:` throws an error in parsing the URL. But I bypassed it using `javascript://%0A`.

1. Open https://www.admidio.org/demo_en/adm_program/system/redirect.php?url=javascript://%250aalert(document.domain)
2. If you click the `here` link, you can see that an XSS occurs!

Through this vulnerability, an attacker can execute malicious scripts.
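
A server-side check that rejects the payload above by allowlisting the scheme and host instead of relying on URL parsing to fail. This is an added example, not Admidio's own code or its fix. `isSafeRedirectTarget` and `ALLOWED_REDIRECT_HOSTS` are hypothetical names, the allowlisted host is an assumption, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist of hosts this installation may redirect to (assumption).
const ALLOWED_REDIRECT_HOSTS = ['www.admidio.org'];

/**
 * Return true only for absolute http(s) URLs whose host is on the allowlist.
 * Hypothetical helper, not part of Admidio.
 */
function isSafeRedirectTarget(string $url, array $allowedHosts = ALLOWED_REDIRECT_HOSTS): bool
{
    // Decode once more so a still-encoded %0A or %0D cannot hide from the check.
    // In javascript://%0A..., "//" opens a JS line comment and the decoded
    // newline ends it, so whatever follows runs as script when the link is clicked.
    $decoded = rawurldecode($url);
    if (preg_match('/[\x00-\x1f\x7f]/', $decoded) === 1) {
        return false; // control characters never belong in a redirect target
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // relative, malformed, or host-less values
    }
    // Scheme allowlist: javascript:, data:, vbscript: and the rest never pass.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    return in_array(strtolower($parts['host']), $allowedHosts, true);
}

// Constructed sample inputs, as the server sees them after query-string decoding.
$samples = [
    'https://www.admidio.org/demo_en/',        // allowlisted host
    'javascript://%0aalert(document.domain)',  // payload from the report
    'javascript:alert(document.domain)',       // plain javascript: scheme
    'https://example.invalid/',                // host not on the allowlist
];
foreach ($samples as $url) {
    $verdict = isSafeRedirectTarget($url) ? 'ALLOW' : 'REJECT';
    // Escape before writing the value into an href, even when it is accepted.
    $href = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    printf("%-6s %s\n", $verdict, $href);
}
```

Only the first sample is accepted. The other three are rejected by the control-character, host, and allowlist checks.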