Very common in 2019? I haven't run across an OAuth provider in some time that isn't properly checking redirect_uri against at least a whitelist of domains (if not the full URL).
Is there another redirect attack I'm not aware of? The other attacks on redirect generally involve gaining access to some other page on the client you are attacking and using that as a redirect which the provider will often allow if it's only validating the domain. That's not really an open redirect, however...
Is there another redirect attack I'm not aware of? The other attacks on redirect generally involve gaining access to some other page on the client you are attacking and using that as a redirect which the provider will often allow if it's only validating the domain. That's not really an open redirect, however...
Am I missing something?