OPEN REDIRECT
This attack redirects a victim to an attacker-controlled site by abusing a legitimate application's redirection functionality. All the attacker has to do is specify a website under their control in a redirection URL of a legitimate website and pass this URL to the victim. This is possible when the legitimate application's redirection functionality does not validate the destination to which the redirection points. It is extremely useful during the initial access phase, since it can lead victims to attacker-controlled web pages through a page that they trust.
MITIGATION
To remediate open redirects, avoid using user-supplied URLs or validate them strictly. If user input is necessary, ensure the value is valid, appropriate, and authorized. Map destination inputs to values rather than actual URLs, and use server-side code to translate them. Sanitize inputs against a list of trusted URLs or a regex. Implement a safe redirect that requires users to confirm the redirection through a notification page.
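As an added example (not part of the original note), the server-side mapping described above in Python: the client supplies an opaque key that is translated to a URL, and only a same-site absolute path is otherwise accepted, with everything else falling back to a default. The REDIRECT_MAP entries, the example.com hosts and the function names are assumptions.

```python
from urllib.parse import urlsplit

# Allowlisted destinations keyed by an opaque token the client may send.
# Constructed sample mapping; a real application keeps this server-side.
REDIRECT_MAP = {
    "home": "/",
    "account": "/account/settings",
    "docs": "https://docs.example.com/start",  # assumed host
}
FALLBACK = "/"


def is_safe_local_path(target: str) -> bool:
    """True only for a same-site absolute path such as '/orders?page=2'.

    Rejects inputs a browser could treat as leaving the site:
    '//evil.example' (scheme-relative), 'https://evil.example',
    '/\\evil.example' (some browsers normalise the backslash to '/'),
    'javascript:...' and anything containing control characters.
    """
    if not target or not target.startswith("/"):
        return False
    if target.startswith("//") or target.startswith("/\\"):
        return False
    if any(ord(c) < 0x20 or c == "\\" for c in target):
        return False
    parts = urlsplit(target)
    # A parsed scheme or network location means this is not a local path.
    return parts.scheme == "" and parts.netloc == ""


def resolve_redirect(user_value: str) -> str:
    """Translate a client-supplied 'next' value into a redirect target.

    Preferred path: the value is a key and the server maps it to a URL.
    Second path: a verified same-site path is accepted verbatim.
    Anything else is replaced by FALLBACK rather than followed.
    """
    if user_value in REDIRECT_MAP:
        return REDIRECT_MAP[user_value]
    if is_safe_local_path(user_value):
        return user_value
    return FALLBACK
```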