DOM-based open redirection


This lab contains a DOM-based open-redirection vulnerability.

Reproduction and proof of concept

  1. Analysis:

<div class="is-linkback">
    <a href='#' onclick='returnUrl = /url=(https?:\/\/.+)/.exec(location); if(returnUrl)location.href = returnUrl[1];else location.href = "/"'>Back to Blog</a>

The url parameter allows changing the Back to Blog link in a Blog page.

  1. Construct a URL for redirecting the user to the exploit server:
  1. Paste this url in browser and hit enter.


An attacker needs to exploit this vulnerability and redirect the victim to an exploit server.