TL;DR: By using the weird behavior of PHP’s loose comparison, I was able to bypass an HMAC-based integrity check, which led to an open redirect.

Before I start, I would like to point out that this is my first write-up, so please be indulgent.

Ankama is a French company, mainly known for the MMORPG Dofus. In order to protect players from phishing, every link published in-game, on their forums or inside the messaging system is protected by passing the user through an interstitial page before redirection.

In concrete terms, before being published, each link is replaced by a…

Aeinot

Computer science student · Security enthusiast · Beginner bug bounty hunter · https://aeinot.fr
