Invalid Redirect

Challenge

Create an invalid (non-local) redirect.

Solution

On the endpoint api/Auth/Logout?returnUrl={url}, set the returnUrl parameter to a non-local URL such as https://www.google.com/.

You will find the flag in the response cookie.
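
The defensive counterpart to this challenge, as an added example that is not code from the application: a logout handler that honours returnUrl only when it is a same-site path and otherwise falls back to a fixed target. The function names, the default target "/" and the sample query strings are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs

DEFAULT_TARGET = "/"  # assumed safe landing page after logout


def is_local_url(url):
    """Return True only for a same-site path such as "/account"."""
    if not url:
        return False
    # Browsers strip tab/CR/LF, so "/\t/host" can collapse into "//host".
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False
    if url[0] != "/":
        # Absolute URLs ("https://..."), other schemes and bare hosts.
        return False
    if len(url) == 1:
        return True
    # "//host" is scheme-relative; browsers treat "/\host" the same way.
    return url[1] not in "/\\"


def handle_logout(query_string):
    """Model of a logout endpoint: returns (status, Location header value)."""
    values = parse_qs(query_string).get("returnUrl", [])
    # Reject duplicated parameters instead of guessing which one wins.
    candidate = values[0] if len(values) == 1 else ""
    target = candidate if is_local_url(candidate) else DEFAULT_TARGET
    return 302, target


if __name__ == "__main__":
    # Constructed sample requests, including the value used in the solution.
    samples = [
        "returnUrl=/account",
        "returnUrl=https://www.google.com/",
        "returnUrl=//www.google.com/",
        "returnUrl=/%5Cwww.google.com",
        "returnUrl=/%09/www.google.com",
    ]
    for qs in samples:
        print(qs, "->", handle_logout(qs))
```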
