TL;DR: By using the weird behavior of PHP’s loose comparison, I was able to bypass an HMAC-based integrity check, which led to an open redirect.
Before I start, I would like to point out that this is my first write-up, so please be indulgent.
Ankama is a French company, mainly known for the MMORPG Dofus. In order to protect players from phishing, every link published in-game, on their forums or inside the messaging system is protected by passing the user through an interstitial page before redirection.
In concrete terms, before being published, each link is replaced by a…