FirstBlood-#15Open Url redirection
This issue was discovered on FirstBlood v1

On 2021-05-09, d20s84 Level 3 reported:

Summary: Open URL Redirection is active on the above submitted endpoint.


  1. Login to /login.php using the provided credentials.
  2. Click on securely logout and intercept the request.
  3. Provide the payload /\/\ to the vulnerable parameter ?ref=
  4. Forward the request and Boom the redirection follows to the provided url.

Impact: Attacker can redirect the victim to desired malicious web page .

P4 Low

Endpoint: /drpanel/logout.php?ref=/\/\

Parameter: ref=

Payload: /\/\

FirstBlood ID: 1
Vulnerability Type: Open Redirect

There is an open url redirect vulnerability on /logout.php. The code expects it to start with / and does not allow to redirect to external domains but this can be bypassed.

Report Feedback


Creator & Administrator

Nice work d20s84 :) Enjoy the bounty!