FirstBlood-#15 — Open Url redirection
This report has been reviewed and accepted as a valid vulnerability on FirstBlood!
On 2021-05-09, d20s84 reported:
Open URL Redirection is active on the above submitted endpoint.
- Login to /login.php using the provided credentials.
- Click on securely logout and intercept the request.
- Provide the payload /\/\evil.com to the vulnerable parameter ?ref=
- Forward the request and Boom the redirection follows to the provided url.
Attacker can redirect the victim to desired malicious web page .
This report has been publicly disclosed for everyone to view
FirstBlood ID: 1
Vulnerability Type: Open Redirect
There is an open url redirect vulnerability on /logout.php. The code expects it to start with / and does not allow to redirect to external domains but this can be bypassed.
Creator & Administrator
Nice work d20s84 :) Enjoy the bounty!
Respect Earnt: 1000000
is an experimental cryptocurrency based on the Ethereum blockchain with the mission to show respect to those who deserve it. We are testing it out on our FirstBlood hackevent.