Tabnabbing via window.opener [bookwyrm.social] in bookwyrm-social/bookwyrm
Aug 5th 2022
- Hello @bookwyrm-social, I found a tabnabbing vulnerability. The attack is possible due to target=_blank, or tabnabbing via window.opener.
- I was browsing the site and found a tabnabbing vulnerability. As per my observation, the attack is possible due to target=_blank, or tabnabbing via window.opener. When you open a link in a new tab (target="_blank"), the page that opens in the new tab can access the initial tab and change its location using the window.opener property.
STEPS TO REPRODUCE:
1- Open the website URL :-
2- Right-click and click on inspect element
3- Move the cursor to the Elements tab, then press CTRL+F or search for target="_blank"
4- If you find target="_blank" on a link, it means the website can be vulnerable to open-redirect-like vulnerabilities
5- For more details, check the POC
POC Screenshot 1:
POC Screenshot 2:
In order to mitigate this issue, developers are encouraged to use rel="nofollow noopener noreferrer" as follows: <a target="_blank" class="btn external-url" href="https://evil.com" rel="nofollow noopener noreferrer"><i class="fa fa-external-link"></i></a>
- Don't open links in new tabs using target="_blank".
- Add the attribute rel="noreferrer", which also disables the referrer.
- Set the window.opener property to null on the new tab before redirecting, like this: <script>var w = window.open(url, "_blank"); w.opener = null;</script>
External links in main domain :
- This type of phishing has huge potential for tricking users who click on external links from this (your) website into becoming victims of a scam page, because the redirect is made in the background while the user is focused on another tab.
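
The search from the reproduction steps and the rel mitigation, combined as an added example (not part of the original report or of BookWyrm's code): it flags only target="_blank" anchors whose rel lacks noopener/noreferrer, then rewrites them. The function names and the sample markup are assumptions constructed for illustration.

```javascript
// Regex-based audit for templates and static HTML; not a full HTML parser.
// SAMPLE is constructed markup, not taken from the reported site.
const SAMPLE = `
<a target="_blank" href="https://example.org/a">no rel</a>
<a target="_blank" rel="nofollow" href="https://example.org/b">nofollow only</a>
<a target="_blank" rel="nofollow noopener noreferrer" href="https://example.org/c">ok</a>
<a href="https://example.org/d">same tab</a>`;

// Parse the attributes of one opening <a> tag into a lower-cased name -> value map.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const body = tag.replace(/^<a/i, "").replace(/\/?>$/, "");
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] || m[3] || m[4] || "";
  }
  return attrs;
}

// Return the anchors that open a new tab and leave window.opener reachable.
function findUnsafeBlankLinks(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<a\s[^>]*>/gi)) {
    const a = parseAttrs(tag);
    const target = (a.target || "").toLowerCase();
    const rel = (a.rel || "").toLowerCase().split(/\s+/);
    // rel=noreferrer implies noopener per the HTML spec, so either token is enough.
    const safe = rel.includes("noopener") || rel.includes("noreferrer");
    if (target === "_blank" && !safe) findings.push({ href: a.href || "", tag });
  }
  return findings;
}

// Rewrite every target="_blank" anchor so rel carries noopener and noreferrer,
// keeping any tokens (such as nofollow) that were already present.
function hardenBlankLinks(html) {
  return html.replace(/<a\s[^>]*>/gi, (tag) => {
    const a = parseAttrs(tag);
    if ((a.target || "").toLowerCase() !== "_blank") return tag;
    const rel = new Set((a.rel || "").split(/\s+/).filter(Boolean));
    rel.add("noopener").add("noreferrer");
    const value = [...rel].join(" ");
    const stripped = tag.replace(/\srel\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/i, "");
    return stripped.replace(/>$/, () => ` rel="${value}">`);
  });
}

console.log(findUnsafeBlankLinks(SAMPLE).map((f) => f.href));
```

Run against rendered templates in CI, a non-empty result from findUnsafeBlankLinks is the condition to fail the build on.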