FirstBlood-#413Open redirect at
This issue was discovered on FirstBlood v2

On 2021-10-25, 0xconft Level 5 reported:

Hi there,

I notice that endpoint is still vulnerable to open redirect. Even though there's character removal for / and even translation of "/" -> ".". It's still vulnerable with this payload // that will be reflected as


PoC redirect to

Impact of this vulnerability is this can be used for phsiing or for bypassing SSRF filter

Best Regards, 0xconft

P4 Low

Endpoint: /drpanel/logout.php?

Parameter: ref

Payload: //

FirstBlood ID: 18
Vulnerability Type: Open Redirect

The open redirect bug on logout.php was fixed but the code still failed to filter out certain characters such as %09 and thus the endpoint is still vulnerable to open redirect. This vulnerability only affects chrome.