TL;DR: By using the weird behavior of PHP’s loose comparison, I was able to bypass an HMAC-based integrity check, which led to an open redirect.

Before I start, I would like to point out that this is my first write-up, so please be indulgent.

Ankama is a French company, mainly known for the MMORPG Dofus. In order to protect players from phishing, every link published in-game, on their forums or inside the messaging system is protected by passing the user through an interstitial page before redirection.
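To make the TL;DR concrete, here is an added example (not Ankama's code) of how such an interstitial might verify an HMAC over the target URL, with the loose-comparison check beside its hardened form. The secret, the parameter names and the particular type-juggling rule shown are assumptions; the write-up does not state which quirk was involved.

```php
<?php
// Added example, not code from the original post. The secret is a placeholder
// and the exact PHP quirk used in the write-up is not known; this shows the
// best-known one.
const SECRET = 'replace-with-a-long-random-secret'; // placeholder

// The interstitial signs the destination URL so that it cannot be swapped for
// an attacker-controlled one after publication.
function sign_url(string $url): string {
    return hash_hmac('sha256', $url, SECRET);
}

// Weak: '==' applies PHP type juggling. When both operands are numeric strings
// they are compared as numbers, so two different strings in scientific
// notation with a zero mantissa (such as "0e123" and "0e456") are "equal",
// because both evaluate to 0. A supplied signature therefore does not have to
// match the real HMAC byte for byte.
function verify_weak(string $url, string $sig): bool {
    return sign_url($url) == $sig;
}

// Hardened: hash_equals() compares the two strings byte for byte, in constant
// time, and never coerces types. All 64 hex characters must match.
function verify_strict(string $url, string $sig): bool {
    return hash_equals(sign_url($url), $sig);
}

// The juggling rule itself, independent of any secret: the first comparison
// is true, the second is false.
var_dump("0e123" == "0e456");
var_dump(hash_equals("0e123", "0e456"));

// A legitimately signed URL passes both checks; only the strict check also
// rejects every signature that merely "looks numeric".
$target = 'https://example.com/';
$good   = sign_url($target);
var_dump(verify_weak($target, $good), verify_strict($target, $good));
```

Beyond the comparison itself, `===` would also avoid the coercion, but `hash_equals()` is preferable for secrets because it additionally avoids leaking the match length through timing.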

In concrete terms, before being published, each link is replaced by a URL that looks like…


