Open Redirect Lab 4

Meta Refresh Redirect

Difficulty: Medium

Lab Overview

This lab demonstrates open redirect vulnerabilities that occur when HTML meta refresh tags are used for redirects without proper validation of the target URL.

Objective: Test meta refresh-based redirects and understand how HTML-based redirects can be exploited.

Backend Source Code

$redirect_url = $_GET['url'] ?? '';
$delay = $_GET['delay'] ?? 3;

// Vulnerable: No validation of the redirect URL
// HTML will generate:
// <meta http-equiv="refresh" content="$delay;url=$redirect_url">

Test Input Form

Vulnerability Details

Type: Meta Refresh Open Redirect
Severity: Medium
Parameters: url, delay
Method: HTML meta refresh tag
Issue: Client-side redirect without URL validation

Test Payloads

Try these URLs to test the vulnerability:

?url=https://evil.com&delay=1
?url=//evil.com&delay=2
?url=javascript:alert('XSS')&delay=1
?url=data:text/html,&delay=1
?url=ftp://evil.com&delay=3
?url=file:///etc/passwd&delay=2

Attack Scenarios

Phishing attacks with automatic redirects
XSS attacks through javascript: protocol
File access through file: protocol
Bypassing browser security controls
Social engineering with fake loading pages
SEO manipulation through redirect chains

Mitigation Strategies

Validate redirect URLs on the server-side before generating meta refresh tags
Use a whitelist of allowed domains for redirects
Implement Content Security Policy (CSP) to prevent javascript: protocol
Sanitize and encode user input before using in HTML
Consider using server-side redirects (HTTP 302) instead of meta refresh
Add user confirmation for redirects when possible