FirstBlood-#535Open Redirect on /drpanel/logout.php?ref=
This issue was discovered on FirstBlood v2

On 2021-10-26, th4nu0x0 Level 2 reported:


The ref parameter is still vulnerable to open redirect on /drpanel/logout.php it turns out that fix was not sufficient and I was able to bypass the fix by adding %09. ​ ​


  • /drpanel/logout.php?ref=/%09/

Steps To Reproduce:


Open redirects can be used in phishing attacks to trick users into thinking that they visiting legitimate website.

P4 Low

Endpoint: /drpanel/logout.php

Parameter: ref

Payload: /%09/

FirstBlood ID: 18
Vulnerability Type: Open Redirect

The open redirect bug on logout.php was fixed but the code still failed to filter out certain characters such as %09 and thus the endpoint is still vulnerable to open redirect. This vulnerability only affects chrome.