FirstBlood-#1174 Open Redirect on /logout.php endpoint
This issue was discovered on FirstBlood v3

On 2022-12-08, mr_xhunt Level 8 reported:


I have found an Open Redirect on /logout.php in the ref parameter. This does not work on Firefox, but I have tested it only on Chrome, where it works, and it required some filter bypass.

Steps To Reproduce:

  1. Visit the following link and you will be redirected to page


P4 Low

Endpoint: /logout.php

Parameter: ref

Payload: /%09/

FirstBlood ID: 68
Vulnerability Type: Open Redirect

The open redirect on /drpanel/logout.php remains unfixed
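
Why a tab in `ref` gets past a string filter, as an added example (not FirstBlood's code and not part of the report): the WHATWG URL parser, which Node's `URL` class implements, drops ASCII tab and newline characters before parsing, so `/<TAB>/host` is read as `//host`. The sketch assumes the server URL-decodes `ref` and reflects it into the redirect; `APP_ORIGIN`, `other.example`, the naive filter and all function names are constructed for illustration.

```javascript
// Added example: validate a post-logout redirect target with a WHATWG URL
// parser instead of string checks. APP_ORIGIN is a constructed value.
const APP_ORIGIN = "https://app.example";

// A naive filter of the kind such a payload gets past (hypothetical):
// it only blocks schemes and a literal leading "//".
function naiveFilterAllows(ref) {
  return ref.startsWith("/") && !ref.startsWith("//") && !ref.includes("://");
}

// Origin a WHATWG-conformant parser resolves a Location value to.
function browserDestination(location) {
  return new URL(location, APP_ORIGIN).origin;
}

// Returns a safe same-origin path to redirect to, or the fallback.
function safeRedirectTarget(ref, fallback = "/") {
  if (typeof ref !== "string" || ref.length === 0) return fallback;

  // Reject control characters and backslashes outright. The parser removes
  // tab/CR/LF and treats "\" as "/" for http(s) URLs, so a check on the raw
  // string sees something different from what will be navigated to.
  if (/[\u0000-\u001f\u007f\\]/.test(ref)) return fallback;

  let resolved;
  try {
    resolved = new URL(ref, APP_ORIGIN);
  } catch {
    return fallback;
  }

  // Only allow targets that still resolve to our own origin.
  if (resolved.origin !== APP_ORIGIN) return fallback;

  // Emit a normalised path rather than echoing the input.
  return resolved.pathname + resolved.search + resolved.hash;
}
```

Comparing the resolved origin, rather than pattern-matching the raw parameter, keeps the server's decision aligned with where the redirect actually lands.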