FirstBlood-#1079Open redirect still works on logout.php
This issue was discovered on FirstBlood v3

On 2022-12-08, ayush1098 Level 7 reported:

Hello Team,


The open redirect is still working on logout.php endpoint. We can redirect the user to any website.

Steps To Reproduce:

Go to this -->

It will redirect the user to



Thanks & Regards Ayush Singh

P4 Low

Endpoint: logout.php

Parameter: ref

Payload: /%09/

FirstBlood ID: 68
Vulnerability Type: Open Redirect

The open redirect on /drpanel/logout.php remains unfixed

Report Feedback


Creator & Administrator

Congratulations, you were the third user to report this!