Open Redirect

http_open_redirect

Open redirects 🐟 refer to endpoints such as https://example.com/redirect.php that are used to redirect users, but that do not check, or do not correctly check, where the user is being redirected to.

Some CRM tools such as HubSpot route the links in their emails through their own website, so that the company can trace when a link was clicked and analyze its email campaigns. Using redirections for analytics is common on websites.

Open redirects are mainly used for phishing 🎣: the user clicks a link to a domain they trust, without seeing that the link is actually abused to redirect them to a malicious website.

https://[...]?xxx=some_url $\to$ https://[...]?xxx=malicious_url
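The pattern above, as an added example that is not part of the original note: the vulnerable version uses the `?xxx=...` value as-is, while the hardened version resolves the candidate against the site's own origin (the way the browser will) and only accepts http(s) URLs on an allow-listed host, falling back to `/` otherwise. `SITE_BASE`, `ALLOWED_HOSTS` and the function names are assumptions for illustration.

```python
from typing import Optional
from urllib.parse import urljoin, urlsplit

# Hypothetical site configuration (assumption, not taken from the page).
SITE_BASE = "https://example.com/"
ALLOWED_HOSTS = {"example.com", "www.example.com"}
FALLBACK = "/"


def vulnerable_redirect_target(target: str) -> str:
    """The open-redirect pattern: whatever ?xxx=... contains is used unchanged."""
    return target


def safe_redirect_target(target: Optional[str]) -> str:
    """Return an absolute http(s) URL on an allowed host, or FALLBACK.

    The candidate is resolved relative to SITE_BASE first, so protocol-relative
    values ("//evil.example") become absolute and are checked like any other URL.
    """
    if not target:
        return FALLBACK
    # Browsers treat backslash like slash in http(s) URLs ("/\evil" behaves as
    # "//evil"); Python's urljoin does not, so normalise before parsing.
    candidate = target.strip().replace("\\", "/")
    # Control characters can split headers or confuse parsers: refuse them.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
        return FALLBACK
    resolved = urljoin(SITE_BASE, candidate)
    parts = urlsplit(resolved)
    if parts.scheme not in ("http", "https"):
        return FALLBACK  # javascript:, data:, file:, ...
    # .hostname is lower-cased and has any user:pass@ prefix stripped already.
    if parts.hostname is None or parts.hostname not in ALLOWED_HOSTS:
        return FALLBACK
    if parts.username is not None or parts.password is not None:
        return FALLBACK  # "https://example.com@attacker" look-alikes carry no legitimate use here
    return resolved


if __name__ == "__main__":
    # Constructed sample inputs, as a redirect.php parameter would deliver them.
    samples = [
        "/account",
        "https://www.example.com/page?a=1",
        "//attacker.invalid/x",
        "https://attacker.invalid/",
        "https://example.com.attacker.invalid/",
        "javascript:alert(1)",
        "/\\attacker.invalid",
        "%2F%2Fattacker.invalid",  # percent-encoded slashes stay a path on our own host
        "",
    ]
    for s in samples:
        print(f"{s!r:45} vulnerable -> {vulnerable_redirect_target(s)!r:40} safe -> {safe_redirect_target(s)!r}")
```

Resolving with `urljoin` before checking is the key step: a plain "does it start with /" check accepts `//attacker.invalid`, and a "does it contain example.com" check accepts `https://example.com.attacker.invalid/`. Both end up on the wrong host once resolved, and both are rejected here.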


👻 To-do 👻

Stuff that I found, but never read/used yet.

  • encode the malicious URL as hexadecimal to try bypassing the filter