Exactly as you are doing. The idea of open redirect vulnerabilities is to use the trust a user has in a specific website (the vulnerable site), and exploit it to get them to visit your website.
So you would send this link to a user: example.com/?url=evil.com/sploitCode.php
. Because the website they see is example.com
, and they trust them, they will click on it (in theory). On the other hand, if you would have send them evil.com
, they would not click on it, because they do not know or trust it.
You can also obfuscate the url further example.com/some/nice/sounding/path/%2F..%2F..%2F..%2F..%2F/?url=evil.com/something-less-evil.php?some-unneded=parameters
. Then you can also wrap it up in a nice a
tag, so users will be less suspicious (then the main advantage is that hovering over the link will show them an innocent link at first glance) .