Open Url Redirect found at /drpanel/logout.php?ref=

FirstBlood-#730 — Open Url Redirect found at /drpanel/logout.php?ref=
This issue was discovered on FirstBlood v2

This report has been reviewed and accepted as a valid vulnerability on FirstBlood!

On 2021-10-27, vishal Level 2 reported:


Discription :Open Url Redirect found at /drpanel/logout.php?ref=
Step to Reproduce:
1.visit /drpanel/logout.php?ref=/%09/attacker.com


Limitation:this open Url redirect wasn't working on firefox browser. except that all other major browser such as :Edge,Crome,Brave were affected by it .
Let me know if something is missing.
regards - vishal

This report has been publicly disclosed for everyone to view

P4 Low

Endpoint: /drpanel/logout.php

Parameter: ref

Payload: //attacker.com

FirstBlood ID: 18
Vulnerability Type: Open Redirect

The open redirect bug on logout.php was fixed but the code still failed to filter out certain characters such as %09 and thus the endpoint is still vulnerable to open redirect. This vulnerability only affects chrome.

BugBountyHunter

Discription :Open Url Redirect found at /drpanel/logout.php?ref=

Limitation:this open Url redirect wasn't working on firefox browser. except that all other major browser such as :Edge,Crome,Brave were affected by it .