Open Redirect - Unvalidated Redirects and Forwards
Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. On their own they are rarely high impact, but they are useful for making phishing links look trustworthy and for chaining with other vulnerabilities.
  1. Search for responses with 3xx status codes (the 300 range).
  2. Check whether the request still works after the token has been modified.
  3. Search for location.href in the source code. Always inspect the main page; pages whose DOM contains navigation buttons, e.g. "back to blog" or "back to main page", are suspicious as well.
  4. Identify the URL parameters responsible for the redirects.
  5. Try to redirect the page to an external domain via that URL parameter, or with the "@" trick, which works when the supplied value is appended directly at the root of the domain.
Example payloads:
  • https://example.com/login/?nextPage=https://google.com
  • https://example.com/login/?nextPage=https://evilsite.com/?google.com
  • https://example.com/login/?nextPage=https://google.com@evilsite.com
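The fix on the server side is the counterpart of the checklist and payloads above: validate the redirect target against an allowlist of hosts after parsing it, never by string matching. The following is an added example, not code from the original page; `ALLOWED_HOSTS`, the function names and the sample targets are constructed for the demonstration, with example.com standing in for the trusted domain. It places a typical naive check next to a strict one and runs both over targets shaped like the payloads listed above (the query-string trick, the "@" trick, a lookalike subdomain, a protocol-relative URL, a backslash variant and a non-http scheme).

```python
# Added example (not part of the original page): a server-side redirect-target
# validator showing why a naive "does it mention our domain?" check passes the
# payload shapes listed above, and how an allowlist check over the parsed URL
# rejects them. ALLOWED_HOSTS and SAMPLE_TARGETS are constructed for the demo.
from urllib.parse import urlsplit

# Assumption: these are the only hosts this application may redirect to.
ALLOWED_HOSTS = {"example.com", "www.example.com"}


def naive_is_safe(target: str) -> bool:
    """The broken check many apps ship: a leading "/" or a substring match
    on the raw string. It accepts every hostile sample below except one."""
    return target.startswith("/") or "example.com" in target


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Allow same-origin relative paths, or absolute http(s) URLs whose
    parsed hostname is on the allowlist. Everything else is rejected."""
    if not target:
        return False
    # Control characters and backslashes are rejected outright: browsers strip
    # or normalise them ("/\\evil" behaves like "//evil"), URL parsers do not.
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return False
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        # A relative path. Require exactly one leading "/" so that a
        # protocol-relative "//evilsite.com" cannot slip through.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False  # e.g. "javascript:" or "data:" schemes
    # .hostname drops userinfo ("example.com@...") and the port and lowercases,
    # so the "@" payload resolves to the host the browser would actually visit.
    host = parts.hostname
    return host is not None and host in allowed_hosts


# Constructed sample targets, modelled on the payload shapes from the page.
SAMPLE_TARGETS = [
    "/account",                             # same-origin path: safe
    "https://example.com/dashboard",        # allowlisted host: safe
    "https://evilsite.com/?example.com",    # trusted name only in the query
    "https://example.com@evilsite.com",     # trusted name as userinfo
    "https://example.com.evilsite.com/",    # subdomain lookalike
    "//evilsite.com",                       # protocol-relative
    "/\\evilsite.com",                      # backslash normalisation
    "javascript:void(0)",                   # non-http scheme
]


def evaluate(targets=SAMPLE_TARGETS) -> dict:
    """Return {target: (naive_verdict, strict_verdict)} for each sample."""
    return {t: (naive_is_safe(t), is_safe_redirect(t)) for t in targets}


if __name__ == "__main__":
    for target, (naive, strict) in evaluate().items():
        print(f"{target!r:40} naive={naive!s:5} strict={strict}")
```

Two design choices carry the check: the decision is made on `urlsplit(...).hostname`, which is the host a browser will connect to after userinfo and port are stripped, and the allowlist is a set of exact hostnames, so neither `example.com.evilsite.com` nor a trusted name hidden in the query or userinfo is accepted. Relative paths are allowed only with a single leading slash, and backslashes and control characters are rejected before parsing because browsers and server-side parsers disagree on how to normalise them.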