Phishing with target="_blank"
- Tram Ho
Introduction
Fishing, or as Westerners call it, phishing, is a scam to steal a user's account, password, or credit card details. This article shows how phishing can be carried out through the browser's target="_blank" link attribute.
Method
If a link uses the target="_blank" attribute without rel="noopener noreferrer" to open a site that is not under your control, the newly opened page gets a reference to your window object through window.opener, and can in particular change its location.
The code below illustrates this. It runs on the newly opened page and redirects the tab that opened it:
```javascript
// Runs on the newly opened page: if the browser handed it a reference to the
// opener tab, navigate that tab to the phishing landing page.
if (window.opener) {
  window.opener.location = "https://khoanguyen.me/phishing-target-blank/landing.html?referrer=" + document.referrer;
}
```
Why is this serious? Imagine that https://khoanguyen.me/phishing is the phisher's bait page, with a login form that looks like your site's: users will easily hand over their passwords.
For example
- Go to the Khoa Nguyen dot me fanpage
- Click Like to help me out (cheap like-baiting)
- Click the truyen.me link. A new browser tab/window opens
- Notice that the original tab (Facebook.com) has been navigated to this page
Fix
The fix is to add rel="noopener noreferrer" to every link that has the target="_blank" attribute, or at the very least to user-inserted links.
And above all, if you find a site with this vulnerability, report it to the site's administrator right away so it can be fixed.
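As an added example (not from the original post), here is a JavaScript pass a site could run over user-submitted HTML to audit for target="_blank" links missing rel="noopener"/"noreferrer" and to rewrite them with the fix above. It is regex-based so it runs in Node without a DOM, and the sample comment body is constructed.

```javascript
// Hardening pass for user-submitted HTML: every target="_blank" anchor gets
// rel="noopener noreferrer". Example code, not the post's; on a real site run
// this inside your HTML sanitizer rather than as a stand-alone regex pass.
const TAG_RE = /<a\b([^>]*)>/gi;
const ATTR_RE = /([^\s=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Parse one tag's attribute text into {name: value}, names lower-cased.
function parseAttrs(attrText) {
  const attrs = {};
  for (const m of attrText.matchAll(ATTR_RE)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// True when the anchor opens a new tab that would still receive window.opener.
// "noreferrer" implies "noopener" in current browsers, so either token blocks it.
function isUnsafeBlank(attrs) {
  if ((attrs.target || "").toLowerCase() !== "_blank") return false;
  const rel = (attrs.rel || "").toLowerCase().split(/\s+/);
  return !rel.includes("noopener") && !rel.includes("noreferrer");
}

// Audit: return the raw <a ...> tags that expose window.opener.
function findUnsafeBlankLinks(html) {
  const found = [];
  for (const m of html.matchAll(TAG_RE)) {
    if (isUnsafeBlank(parseAttrs(m[1]))) found.push(m[0]);
  }
  return found;
}

// Fix: rewrite each unsafe anchor so rel carries both noopener and noreferrer.
function hardenBlankLinks(html) {
  return html.replace(TAG_RE, (tag, attrText) => {
    const attrs = parseAttrs(attrText);
    if (!isUnsafeBlank(attrs)) return tag;
    const tokens = new Set((attrs.rel || "").split(/\s+/).filter(Boolean));
    tokens.add("noopener");
    tokens.add("noreferrer");
    const rel = `rel="${[...tokens].join(" ")}"`;
    if (/\brel\s*=/i.test(attrText)) {
      return tag.replace(/\brel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+)/i, rel);
    }
    return tag.replace(/\s*\/?>$/, (end) => ` ${rel}${end}`);
  });
}

// Constructed sample: a comment body as a user might submit it.
const SAMPLE_HTML =
  '<p>See <a href="https://truyen.me" target="_blank">truyen.me</a>, ' +
  '<a href="https://example.invalid" target="_blank" rel="nofollow">more</a>; ' +
  '<a href="/local" target="_self">internal</a> is fine.</p>';
```

Running findUnsafeBlankLinks on the sample reports the first two anchors; after hardenBlankLinks both carry noopener and noreferrer, the rel="nofollow" token is preserved, and the target="_self" link is left untouched.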
ITZone via khoanguyen
Source: Khoa Nguyen