Thursday, February 2, 2017

OWASP A10-Unvalidated Redirects and Forwards

Web applications often redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages.

Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.


Sometimes your application may need to redirect to another area by sending a redirect header to the user in an HTTP response. This method is found in applications that redirect after a successful verification.

Read More at GBHackers On Security
