Imagine that you are a QA engineer in charge of detecting defects in software. Once you detect a problem, you create a ticket in the system with a description of the problem. But the report that you create is not just stored in your system, it is shared with other systems as well and is used by developers to track the bugs. The URL created by your system to share the information is the following:

www.trackbugs.com/new_bug.php?ticket=13&id_qa=123&criticity=medium&redirect=devcompany.jira.com 

When the developers' application receives the ticket, it processes the information received in the URL and creates a new ticket. So, what happens if a user sends this information in another URL? See the following:

www.trackbugs.com/new_bug.php?ticket=13&id_qa=123&criticity=medium&redirect=devcompany.jirafake.com 

The jirafake.com site can steal all the information in the request.