FirstBlood-#1174 — Open Redirect on /logout.php endpoint
This issue was discovered on FirstBlood v3
On 2022-12-08, mr_xhunt 
Level 8
reported:
Getting started
Learn about vulnerability types 
Getting started in bug bounties 
Test your knowledge
Free Web Application Challenges
Guides for your hunts 
ZSeano's Methodology
Effective Note Taking for bug bounties
Useful Resources 
Disclosed HackerOne Reports 
Our community
Endorsed Members
Hackevents 
Member Articles
Summary:
I have found an Open Redirect on /logout.php in the ref parameter, although this does not work on firefox but I have tested it only on Chrome where it works and It required some filter bypass.
Steps To Reproduce:
- Visit the following link and you will be Redirected to
www.google.com page
https://adc9491ac90c-mrxhunt.a.firstbloodhackers.com/drpanel/logout.php?ref=/%09/google.com
POC:
P4 Low
Endpoint: /logout.php
Parameter: ref
Payload: /%09/google.com
FirstBlood ID: 68
Vulnerability Type: Open Redirect
The open redirect on /drpanel/logout.php remains unfixed