SecureBank
  • About SecureBank
  • A01:2021 – Broken Access Control
    • About
    • Challenges
  • A02:2021 – Cryptographic Failures
    • About
    • Challenges
  • A03:2021 – Injection
    • About
    • Challenges
  • A04:2021 – Insecure Design
    • About
    • Challenges
  • A05:2021 – Security Misconfiguration
    • About
    • Challenges
  • A06:2021 – Vulnerable and Outdated Components
    • About
    • Challenges
  • A07:2021 – Identification and Authentication Failures
    • About
    • Challenges
  • A08:2021 – Software and Data Integrity Failures
    • About
    • Challenges
  • A09:2021 – Security Logging and Monitoring Failures
    • About
  • A10:2021 – Server-Side Request Forgery (SSRF)
    • About
    • Challenges
  • CROSS SITE SCRIPTING (XXS)
    • About
    • Challenges
  • XML External Entities (XXE)
    • About
    • Challenges
  • Miscellaneous
    • Invalid Model
    • Invalid Redirect
    • Directory Browsing
    • Simultaneous Request
    • reDOS
Powered by GitBook
On this page
  • Challenge
  • Solution

Was this helpful?

  1. Miscellaneous

Invalid Redirect

Challenge

Create an invalid, not local, redirect.

Solution

On endpoint api/Auth/Logout?returnUrl={url} you need to set URL to some not local URL like https://www.google.com/.

You will find the flag in the response cookie.

PreviousInvalid ModelNextDirectory Browsing

Last updated 4 years ago

Was this helpful?