So i have been studying a lot of bug report regarding redirecting URL to a malicious website,most are understandable like when you log in or log out or you are just being redirected to another domain of the same web site ,you change parameter in url and your are redirected to some other domain.However i cant seem to understand a POC video in which the hacker uses "../.." to redirect which i don't understand .Here is the link
https://www.youtube.com/watch?v=ibtWniVydLY&t=66s
this one is also pretty confusing https://www.youtube.com/watch?v=T-x0OGS223M how did he knew how to add ?next parameter .And why next why not next_url?
Can someone please explain.Or at least guide me to a document on which it is explained. Thanks