FirstBlood-#1166 — Open redirect on logout remained unpatched
This issue was discovered on FirstBlood v3
On 2022-12-08, 0xblackbird reported:
I found out that the open redirect remained unfixed since the previous hackevent!
The issue remained unfixed from the previous version of FirstBlood. It didn't properly validate user input before, as it only looked at whether the redirect URL starts with a
I'm able to redirect any user from a trusted host to any other external host.
Steps to reproduce:
Proof of Concept URL:
1) Visit the PoC above (it does not really matter whether you're authenticated or not)
2) You'll notice that you got redirected to https://example.com
I recommend using a strong regex pattern or implementing a whitelist-based approach.
Have a nice day!
Kind regards, 0xblackbird
FirstBlood ID: 68
Vulnerability Type: Open Redirect
The open redirect on /drpanel/logout.php remains unfixed
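The whitelist-based approach recommended in the report, sketched in PHP as an added example (not FirstBlood's code and not part of the report). The function name `safe_redirect_target`, the `ALLOWED_REDIRECT_HOSTS` list, the `/` fallback and all sample inputs are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hosts the application may redirect to (hypothetical values for this example).
const ALLOWED_REDIRECT_HOSTS = ['app.example.test', 'www.example.test'];

// Return $target when it is a safe redirect destination, otherwise $fallback.
function safe_redirect_target(?string $target, string $fallback = '/'): string
{
    if ($target === null || $target === '') {
        return $fallback;
    }
    // Control characters, spaces and backslashes are normalised differently by
    // browsers and by parse_url(), so refuse them instead of trying to clean them.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $target) === 1) {
        return $fallback;
    }
    // Same-site path: exactly one leading slash ("//host" is scheme-relative).
    if ($target[0] === '/') {
        return (strlen($target) > 1 && $target[1] === '/') ? $fallback : $target;
    }
    // Absolute URL: https only, no userinfo, host must match the allowlist exactly.
    $parts = parse_url($target);
    if ($parts === false
        || strtolower($parts['scheme'] ?? '') !== 'https'
        || isset($parts['user']) || isset($parts['pass'])
        || !in_array(strtolower($parts['host'] ?? ''), ALLOWED_REDIRECT_HOSTS, true)) {
        return $fallback;
    }
    return $target;
}

// Constructed sample inputs (not taken from the report) with the expected outcome.
$samples = [
    '/home'                                 => 'kept',
    'https://app.example.test/welcome'      => 'kept',
    'https://example.com'                   => 'fallback',
    '//example.com'                         => 'fallback',
    '/\\example.com'                        => 'fallback',
    'https://app.example.test@example.com/' => 'fallback',
    'https://app.example.test.example.com/' => 'fallback',
];
foreach ($samples as $input => $expected) {
    $result = safe_redirect_target($input) === $input ? 'kept' : 'fallback';
    printf("%-40s %-8s %s\n", $input, $result, $result === $expected ? 'ok' : 'MISMATCH');
}
```

The comparison is an exact host match after parsing, not a prefix or substring test on the raw string, so a value that merely starts with or contains a trusted name is still rejected.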