In .NET, Response.Redirect is one way to redirect a user to another URL, usually exposed in the browser address bar in the form of http://www.mysite.com/Login.aspx?RedirectURL=/ShoppingCart.aspx. If this is an external facing web application, a malicious user can change the redirect URL and have it point to a malicious URL with the combination of social engineering attack.