You will notice that some of these pages contain open redirects.
00.php should be safe (if it even exists), while 10.php has no protection at all.
You can view all the challenges over at the parent directory.
There are solutions as well.

Sometimes an application needs to send the user's browser to another page. The intended functionality is to navigate the user to an expected page, but this is easy for an attacker to abuse when user input can influence where the redirection ends up. In other words, when a website can be made to redirect to an unexpected, attacker-chosen destination, this is called an open redirect.

Ideally the user should never be able to influence the destination of a redirection, because that lends legitimacy to a phishing attempt. After all, if I send you a URL that starts with “facebook.com?blabla” and it redirects to Gmail, BUT the Gmail page it lands on is one I faked, you are much more likely to fall for our trap cards: the link you clicked showed a domain you trust.


If the redirection target is taken from a URL parameter, we call it a reflected open redirect. While open redirects might seem harmless because they do not directly damage the website that hosts them, they can be very damaging to a company's reputation, and they raise the severity of other issues when chained with them (for example an OAuth flow that trusts any redirect on the hosting domain).
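To make the difference concrete, here is an added example (it is not the lab's own code and not the contents of 00.php or 10.php): a handler that reflects the redirect parameter unchanged, next to one that only accepts targets on its own host. The host name `example.com`, the parameter name `next` and the fallback target `/` are assumptions made for the illustration, and the probe inputs at the bottom are constructed payloads an attacker might try against such a parameter.

```python
"""Added example (not the lab's own code): a reflected open redirect handler
beside a hardened one.

vulnerable_redirect models a handler that copies the `next` parameter into
the Location header unchanged, the behaviour the text attributes to 10.php.
safe_redirect_target only accepts targets that stay on the site's own host
and falls back to a fixed page otherwise.  The host name example.com, the
parameter name `next` and the fallback "/" are assumptions for this example.
"""
from urllib.parse import urlsplit

ALLOWED_HOST = "example.com"   # assumed: the host serving the redirect
DEFAULT_TARGET = "/"           # assumed: where rejected targets land


def vulnerable_redirect(next_param: str) -> str:
    """Return the Location value exactly as the user supplied it.

    Absolute URLs, protocol-relative URLs ("//evil.example") and even
    javascript: URLs are passed straight through: an open redirect.
    """
    return next_param


def safe_redirect_target(next_param: str) -> str:
    """Return a Location value that stays on ALLOWED_HOST, else DEFAULT_TARGET."""
    if not next_param:
        return DEFAULT_TARGET
    candidate = next_param.strip()

    # Control characters and spaces never belong in a redirect target; they
    # enable header injection and let browsers silently "repair" the URL.
    if any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in candidate):
        return DEFAULT_TARGET

    # Browsers treat "/\evil.example" like "//evil.example"; urlsplit does not.
    if "\\" in candidate:
        return DEFAULT_TARGET

    try:
        parts = urlsplit(candidate)
        _ = parts.port          # raises ValueError on a non-numeric port
    except ValueError:
        return DEFAULT_TARGET

    if not parts.scheme and not parts.netloc:
        # Relative target: require an absolute path, and refuse anything
        # starting with "//" (or "///"), which browsers read as a new host.
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return DEFAULT_TARGET

    # Absolute target: only http(s), and only our own host compared exactly,
    # so "example.com.evil.example" and "example.com@evil.example" both fail.
    if parts.scheme not in ("http", "https"):
        return DEFAULT_TARGET
    if parts.hostname != ALLOWED_HOST:
        return DEFAULT_TARGET
    return candidate


if __name__ == "__main__":
    # Constructed probes an attacker might send as ?next=...
    probes = [
        "/account", "https://example.com/account",
        "//evil.example/login", "///evil.example", "/\\evil.example",
        "https://evil.example/", "https://example.com.evil.example/",
        "https://example.com@evil.example/", "http:evil.example",
        "javascript:alert(1)", "/ok\r\nSet-Cookie: a=b",
    ]
    for probe in probes:
        print(f"{probe!r:40} vulnerable -> {vulnerable_redirect(probe)!r}")
        print(f"{'':40} safe       -> {safe_redirect_target(probe)!r}")
```

The hardened version deliberately compares the host name for exact equality rather than using `startswith` or `in`, which is where most "fixed" redirects break again. Many teams go one step further and accept only a relative path (dropping the absolute-URL branch entirely), or map the parameter to an allow-list of known pages, which removes the parsing questions altogether.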

Be aware that in bug bounties, some targets do not accept open redirects at all, or not in certain features. Read the Out Of Scope section carefully! In pentesting, this is usually reported as a low or medium severity issue.



This lab was inspired by OWASP.
URL: