TL;DR: By using the weird behavior of PHP’s loose comparison, I was able to bypass a HMAC based integrity check, which led to an open redirect.
Before I start, I would like to point out that this is my first write up so please be indulgent.
Ankama is a French company, mainly known for the MMORPG Dofus. In order to protect players from phishing, every link published in-game, on their forums or inside the messaging system is protected, by passing the user through an interstitial page before redirection.
In concrete terms, before being published, each link is replaced by a URL that looks like…