Gnuboard5 Open Redirect Vulnerability in Logout.php

An open redirect vulnerability exists in Gnuboard5 version 5.5.16, specifically within the bbs/logout.php file. This vulnerability allows remote attackers to redirect users to arbitrary URLs, potentially leading to phishing attacks. The issue arises from inadequate validation of the URL parameter, particularly the lack of proper filtering for backslashes, which can be exploited to bypass restrictions and manipulate the redirect behavior.

Impact

Exploitation of this vulnerability could result in phishing attacks, as users may be redirected to malicious sites without their knowledge.

Reproduction

To reproduce this vulnerability, send a request to bbs/logout.php with a crafted URL parameter that includes a backslash followed by the desired domain, such as google.com or github.com. The absence of proper filtering allows the backslash to bypass validation, creating an open redirect.

Remediation

No specific remediation is provided, but developers are advised to implement proper validation of the URL parameter to prevent open redirect vulnerabilities.