FirstBlood-#278 — Open redirect in logout function
This report has been reviewed and accepted as a valid vulnerability on FirstBlood!
On 2021-05-15, YouGina reported:
There is an open URL redirect vulnerability in the logout functionality of this application. This allows the attacker to redirect a user to any URL of choice.
Steps to reproduce
An attacker can provide the following link to a victim to exploit this vulnerability. The victim will be forwarded to attacker.com:
To be complete, I have been able to identify three bypass techniques to exploit this vulnerability:
Using these payloads in the URL will look like:
This report has been publicly disclosed for everyone to view
FirstBlood ID: 1
Vulnerability Type: Open Redirect
There is an open URL redirect vulnerability on /logout.php. The code expects the redirect target to start with / and does not allow redirecting to external domains, but this check can be bypassed.
Respect Earnt: 1000000
is an experimental cryptocurrency based on the Ethereum blockchain with the mission to show respect to those who deserve it. We are testing it out on our FirstBlood hackevent.
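The FirstBlood summary says /logout.php only checks that the redirect target starts with "/" and that this check can be bypassed. The example below is added here for illustration and is not code from the report, from FirstBlood, or from the tested application, and it does not reproduce the reporter's three payloads. It contrasts that kind of prefix check with a validator that resolves the target against an assumed application origin (APP_ORIGIN is a made-up value) the way a browser would, accepts it only if the result still lives on that origin, and re-emits it as a single-slash, root-relative path. The test inputs are constructed; the protocol-relative and backslash cases are there because browsers treat "//host" as an absolute reference and normalise "\" to "/" in URLs, which a leading-slash test does not account for.

```python
from urllib.parse import urljoin, urlsplit

# Assumed application origin for the example; not taken from the report.
APP_ORIGIN = "https://app.example"


def naive_is_local(target: str) -> bool:
    """The weak check the FirstBlood summary describes: the target merely
    has to begin with '/'. A browser resolves '//host/...' as an absolute
    URL, so this accepts targets that leave the site."""
    return target.startswith("/")


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Return a redirect target confined to APP_ORIGIN, or `default`.

    Rather than pattern-matching the raw string, resolve it relative to the
    application's own origin (as a browser would) and keep it only if the
    resolved scheme and host are unchanged. The value handed back is the
    normalised path (plus query/fragment), never a host-bearing URL.
    """
    if not target:
        return default
    # Control characters and whitespace can desynchronise the server-side
    # parser from the browser's; browsers also treat '\' like '/'. Reject both.
    if any(ord(c) < 0x21 or c == "\\" for c in target):
        return default

    origin = urlsplit(APP_ORIGIN)
    resolved = urlsplit(urljoin(APP_ORIGIN, target))
    if resolved.scheme != origin.scheme or resolved.netloc.lower() != origin.netloc.lower():
        return default  # absolute, protocol-relative or foreign-host targets

    path = resolved.path or "/"
    # A path such as '//evil' would be read as protocol-relative once emitted
    # on its own, so insist on exactly one leading slash.
    if not path.startswith("/") or path.startswith("//"):
        return default
    if resolved.query:
        path += "?" + resolved.query
    if resolved.fragment:
        path += "#" + resolved.fragment
    return path


if __name__ == "__main__":
    # Constructed inputs: one legitimate in-app target, then targets that
    # the prefix check waves through but the origin check rejects.
    for candidate in ["/account?tab=1", "//attacker.com/", "https://attacker.com/",
                      "/\\attacker.com", "https://app.example//x"]:
        print(f"{candidate!r:32} naive={naive_is_local(candidate)!s:5} "
              f"safe -> {safe_redirect_target(candidate)!r}")
```

The validator's key property is that whatever it returns was produced by the same resolution a browser performs, so the server and the client agree on where the user ends up; the fallback to `default` on any doubt keeps the logout flow working even when the parameter is tampered with.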