A web application accepts a user-controlled input that
					specifies a link to an external site, and uses that link in a Redirect. This
					simplifies phishing attacks.An http parameter may contain a URL value and could cause the web
						application to redirect the request to the specified URL. By modifying the
						URL value to a malicious site, an attacker may successfully launch a
						phishing scam and steal user credentials. Because the server name in the
						modified link is identical to the original site, phishing attempts have a
						more trustworthy appearance.