FirstBlood-#718Open redirect by logout.php
This issue was discovered on FirstBlood v2.0.0 (issues patched)



On 2021-10-27, newrouge Level 3 reported:

Hey, i found that endpoint /drpanel/logou.php?ref= is still vulnerable to Open redirect.

PS: This payload works fine on Chrome, Chromium, Brave and IE but *not on Firefox**

Thanks

newrouge

P4 Low

Endpoint: /drpanel/logout.php?ref=/%09/example.com

Parameter: ?ref=

Payload: /%09/example.com


FirstBlood ID: 18
Vulnerability Type: Open Redirect

The open redirect bug on logout.php was fixed but the code still failed to filter out certain characters such as %09 and thus the endpoint is still vulnerable to open redirect. This vulnerability only affects chrome.