This is a writeup about an easy open redirect vulnerability that I found in a private program.
The target website was not validating the redirects on the parameter `redirect` which allowed unvalidated redirects and forwards to other websites.
Attacker is able to redirect victims from the main website to malicious websites and steal their credentials or perform other sensitive actions.
The vulerable url was in this form: https://www.privatewebsite.com/acknowledgement.jsp?redirect=https%3A%2F%2Fahmadhalabi.net%2F
Send the vulnerable url to the victim. Once the victim visited it, he will be redirected to attacker's page.