FirstBlood-#278Open redirect in logout function
This issue was discovered on FirstBlood v1

On 2021-05-15, YouGina Level 3 reported:


There is an open URL redirect vulnerability in the logout functionality of this application. This allows the attacker to redirect a user to any url of choice.

Steps to reproduce

An attacker can provide the following link to a victim to exploit this vulnerability. The victim will be forwarded to\/

Additional details:

To be complete I have been able to identify three bypass techniques to exploit this vulnerability:

Using these payloads in the url will look like:


P4 Low

Endpoint: /drpanel/logout.php

Parameter: ref=

Payload: /\/

FirstBlood ID: 1
Vulnerability Type: Open Redirect

There is an open url redirect vulnerability on /logout.php. The code expects it to start with / and does not allow to redirect to external domains but this can be bypassed.