
Surprised the author doesn't mention OAuth - open redirects are the Achilles' heel of OAuth flows and allow for full account takeovers. It is very common.



Very common in 2019? I haven't run across an OAuth provider in some time that isn't properly checking redirect_uri against at least a whitelist of domains (if not the full URL).

Is there another redirect attack I'm not aware of? The other attacks on redirect generally involve gaining access to some other page on the client you are attacking and using that as a redirect which the provider will often allow if it's only validating the domain. That's not really an open redirect, however...

Am I missing something?


If they check the domain, chain it with another open redirect in the same domain.
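To make the chain described in this thread concrete, here is an added example (not code from the thread, and not any real provider's implementation). It simulates an authorization server with two redirect_uri policies, a domain-only allowlist and an exact string match, a hypothetical client at client.example with an unvalidated redirect at /go?next=, and an attacker at attacker.example. All hosts, paths and the secret value are constructed for the example. One detail the simulation models deliberately: a browser following a 3xx whose Location has no fragment carries the original fragment over (RFC 7231 section 7.1.2), so an implicit-flow token in the fragment survives even a naive open redirect, while an authorization code in the query string is only lost because this particular redirect endpoint does not forward other parameters.

```python
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Hypothetical client registration (constructed for this example).
REGISTERED_REDIRECT_URI = "https://client.example/oauth/callback"
ALLOWED_DOMAINS = {"client.example"}

# What an attacker would submit as redirect_uri: same domain as the client,
# but pointing at the client's open redirect with the attacker as `next`.
CRAFTED_REDIRECT_URI = "https://client.example/go?next=https://attacker.example/collect"


def domain_only_check(redirect_uri: str) -> bool:
    """Weak policy from the thread: any https URL on an allowed host passes."""
    p = urlsplit(redirect_uri)
    return p.scheme == "https" and p.hostname in ALLOWED_DOMAINS


def exact_match_check(redirect_uri: str) -> bool:
    """Strict policy: simple string comparison against the registered URI."""
    return redirect_uri == REGISTERED_REDIRECT_URI


def provider_authorize(redirect_uri: str, check, response_type: str, secret: str = "SECRET123"):
    """Simulated authorization endpoint after the user has consented.
    Returns the Location header the user agent is sent to, or None if refused."""
    if not check(redirect_uri):
        return None
    p = urlsplit(redirect_uri)
    if response_type == "code":
        # Authorization code flow: the code is appended to the query string.
        q = parse_qs(p.query, keep_blank_values=True)
        q["code"] = [secret]
        return urlunsplit((p.scheme, p.netloc, p.path, urlencode(q, doseq=True), p.fragment))
    # Implicit flow: the token is delivered in the fragment.
    return urlunsplit((p.scheme, p.netloc, p.path, p.query, "access_token=" + secret))


def client_open_redirect(url: str):
    """Simulated open redirect on the client at /go?next=<url>: answers 302 to
    `next` with no validation and without forwarding other query parameters.
    Returns the redirect target, or None when the path is not the redirector."""
    p = urlsplit(url)
    if p.path != "/go":
        return None
    nxt = parse_qs(p.query).get("next")
    return nxt[0] if nxt else None


def user_agent_follow(requested_url: str, location: str) -> str:
    """Browser behaviour: a 3xx Location without a fragment inherits the
    fragment of the URL that was requested (RFC 7231 section 7.1.2)."""
    src = urlsplit(requested_url)
    dst = urlsplit(location)
    if not dst.fragment and src.fragment:
        dst = dst._replace(fragment=src.fragment)
    return urlunsplit(dst)


def run_flow(redirect_uri: str, check, response_type: str) -> dict:
    """Drive provider -> client -> (possible) open redirect and report where the
    user agent ends up and whether the secret travelled with it."""
    location = provider_authorize(redirect_uri, check, response_type)
    if location is None:
        return {"refused": True}
    target = client_open_redirect(location)
    final = user_agent_follow(location, target) if target else location
    f = urlsplit(final)
    return {
        "refused": False,
        "host": f.hostname,
        "code": "code" in parse_qs(f.query),
        "token": "access_token" in parse_qs(f.fragment),
    }


if __name__ == "__main__":
    for check in (domain_only_check, exact_match_check):
        for rt in ("token", "code"):
            print(check.__name__, rt, run_flow(CRAFTED_REDIRECT_URI, check, rt))
    print("legitimate:", run_flow(REGISTERED_REDIRECT_URI, exact_match_check, "code"))
```

With the domain-only policy the implicit-flow token lands on attacker.example; with exact matching the crafted redirect_uri is refused before anything is issued, which is the behaviour the second commenter describes as now being the norm.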



