changed filename & description
parent
d5d5f8fb20
commit
a30d4586f1
|
@ -0,0 +1,23 @@
|
||||||
|
id: tabnabbing
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: (Reverse) Tabnabbing
|
||||||
|
author: bolli95
|
||||||
|
severity: low
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- 'regex("<a[A-z0-9\/\"\&\=\%\#\.\:\_\@\\\$ ]*target\=\"_blank\"[A-z0-9\/\"\&\%\=\#\.\:\_\@\\\$ ]*>",
|
||||||
|
replace_regex(replace_regex(body, "<a[A-z0-9\/\"\&\=\%\#\.\:\_\@\\\$ ]*target\=\"_blank\"[A-z0-9\/\"\&\%\=\#\.\:\_\@\\\$ ]*(rel=\"noopener noreferrer\"|rel=\"noreferrer noopener\"|rel=\"noreferrer\"|rel=\"noopener\")[A-z0-9\/\"\&\%\=\#\.\:\_\@\\\$ ]*>", ""),
|
||||||
|
"<a[A-z0-9\/\"\&\=\%\#\.\:\_\@\\\$ ]*(rel=\"noopener noreferrer\"|rel=\"noreferrer noopener\"|rel=\"noreferrer\"|rel=\"noopener\")[A-z0-9\/\"\&\%\=\#\.\:\_\@\\\$ ]*target\=\"_blank\"[A-z0-9\/\"\&\%\=\#\.\:\_\@\\\$ ]*>", ""))
|
||||||
|
|| regex("window\.open\\([^,]+\\)", body)'
|
||||||
|
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- "!contains(tolower(all_headers), 'referrer-policy: no-referrer')"
|
Loading…
Reference in New Issue