FirstBlood-#382Logout.php is still vulnearble to Open Redirect
This issue was discovered on FirstBlood v2

On 2021-10-25, kinako Level 5 reported:

Dear FirstBlood security team, I found a vulnerability on your service. I hope this report will help you.


The ref param is vulnerable to Open Redirect.

Vulnerability Description(PoC)

First of all, /drpanel/logout.php has the ref param to redirect users.

The firstblood server-side seems to sanitize its value but it can be bypassed by payload above.


This value will make victim go to Google top page via 302 Found.


  • normal users can be redirected to malicious website prepared by the attackers

Regards, kinako

P4 Low

Endpoint: /drpanel/logout.php

Parameter: ref

Payload: ?ref=/%09/

FirstBlood ID: 18
Vulnerability Type: Open Redirect

The open redirect bug on logout.php was fixed but the code still failed to filter out certain characters such as %09 and thus the endpoint is still vulnerable to open redirect. This vulnerability only affects chrome.