FirstBlood-#535 — Open Redirect on /drpanel/logout.php?ref=
This issue was discovered on FirstBlood v2.0.0 (issues patched)
On 2021-10-26, th4nu0x0 Level 2 reported:
refparameter is still vulnerable to open redirect on
/drpanel/logout.phpit turns out that fix was not sufficient and I was able to bypass the fix by adding
Steps To Reproduce:
Open redirects can be used in phishing attacks to trick users into thinking that they visiting legitimate website.
FirstBlood ID: 18
Vulnerability Type: Open Redirect
The open redirect bug on logout.php was fixed but the code still failed to filter out certain characters such as
%09 and thus the endpoint is still vulnerable to open redirect. This vulnerability only affects chrome.