FirstBlood-#22 — OpenRedirect on Secure Logout
This issue was discovered on FirstBlood v1
On 2021-05-09, jonlaing Level 2 reported:
The url http://firstbloodhackers.com:49195/drpanel/logout.php?ref=/ is shown on logging out.
This is vulnerable to an OpenRedirect vulnerability.
The original url can be amended to http://firstbloodhackers.com:49195/drpanel/logout.php?ref=/\///google.com and after following the redirects will take you to Google..
FirstBlood ID: 1
Vulnerability Type: Open Redirect
There is an open url redirect vulnerability on /logout.php. The code expects it to start with / and does not allow to redirect to external domains but this can be bypassed.