FirstBlood-#730 Open Url Redirect found at /drpanel/logout.php?ref=
This issue was discovered on FirstBlood v2.0.0 (issues patched)



On 2021-10-27, vishal Level 2 reported:

Description: Open Url Redirect found at /drpanel/logout.php?ref=

Steps to Reproduce: 1. Visit /drpanel/logout.php?ref=/%09/attacker.com

Limitation: this open Url redirect wasn't working on the Firefox browser. Except for that, all other major browsers such as Edge, Chrome and Brave were affected by it.

Let me know if something is missing. regards - vishal

P4 Low

Endpoint: /drpanel/logout.php

Parameter: ref

Payload: //attacker.com


FirstBlood ID: 18
Vulnerability Type: Open Redirect

An earlier open redirect on logout.php had been fixed, but the patched code still failed to filter out certain characters such as %09 (a URL-encoded tab). Browsers strip tab and newline characters when parsing a URL, so a ref value of /%09/attacker.com is interpreted as the protocol-relative URL //attacker.com, and the endpoint therefore remains vulnerable to open redirect. As reported, the redirect triggered in Chrome and the other Chromium-based browsers tested (Edge, Brave) but not in Firefox.