www.i4info.org

i4info Provides the best hacking Material. Latest hacking tutorials and tools are available here. It is the best place for hackers.

About Author

Muhammad Shahroze Rashid
i4info
Web Developer
Web Developer & Designer,Researcher and Technical writer. An Information Security Consultant and System Auditor, a keen Security researcher.

This Familiar HTML Attribute Has Given Birth To A New Way Of Phishing

Post by Admin on Sun Sep 04, 2016 6:30 am



The “target” attribute of the HTML anchor tag can turn a website into a phishing platform if the website allows its users to post links.

We all use the anchor tag in HTML to provide hyperlinks in our hypertext documents. But using the target attribute with the value "_blank" in a particular way may make your website a great target for attackers.

The case becomes worse if your website is vulnerable to XSS.

Why?
Because when you open a new tab from a link in an existing tab, your browser allows the new tab to communicate with the referring tab through the window.opener API.

How Does It Work:

Imagine you have coded a webpage that has hyperlinks, and you have used the target attribute with the value _blank in this way:

href="http//:[You must be registered and logged in to see this link.] target="_blank"

Suppose the page also allows its users to put links on it in some way. For example, Facebook allows you to put a link to your website on your website’s Facebook page.
A user may then place a link to his or her own website, which has a malicious script on it such as:

window.opener.location = 'http://fakewebsite.com/fakepage';

When the link is opened in a new tab, this malicious code changes the page loaded in the referring tab. The attacker may put a fake page there asking for a login and ultimately collect your credentials.

Can I prevent this from happening?

Of course you can. By adding this attribute to your anchor tag, you can prevent your page from being used as a phishing surface.

rel="noopener"

If you are lazy enough to risk your security, I suggest a one-time solution. Download this from GitHub and include the file as a script source in your next document.

If you want to read further, I would advise you to follow the text on this page.

And finally, if you have any further queries, feel free to ask in the comments.
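
For sites that accept links from users, the rel="noopener" fix described above can be applied and audited on the server side. The following is an added example, not code from the original post or from the GitHub script it mentions; the function names and the sample HTML are assumptions made for illustration. It goes slightly beyond the post by also flagging named targets such as target="popup", which open a new browsing context with window.opener set just as _blank does.

```javascript
// Added example (not from the original post): audit and harden user-supplied HTML.
// Regex-based attribute parsing keeps the demo short; it does not handle '>' inside
// attribute values. Use a real HTML parser or sanitizer in production.
const ANCHOR_OPEN = /<a(?=[\s\/>])[^>]*>/gi;
const ATTR = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Parse one opening <a ...> tag into a Map of lowercased attribute names to values.
function parseAttrs(tag) {
  const attrs = new Map();
  const inner = tag.replace(/^<a/i, '').replace(/\/?>$/, '');
  for (const m of inner.matchAll(ATTR)) {
    attrs.set(m[1].toLowerCase(), m[2] ?? m[3] ?? m[4] ?? '');
  }
  return attrs;
}

// True when the link opens a new browsing context and leaves window.opener set.
function needsNoopener(attrs) {
  const target = (attrs.get('target') || '').trim().toLowerCase();
  if (!target || ['_self', '_parent', '_top'].includes(target)) return false;
  const rel = (attrs.get('rel') || '').toLowerCase().split(/\s+/);
  return !rel.includes('noopener') && !rel.includes('noreferrer'); // noreferrer implies noopener
}

// Audit: return the href of every link that still exposes window.opener.
function findUnsafeLinks(html) {
  return (html.match(ANCHOR_OPEN) || []).map(parseAttrs).filter(needsNoopener)
    .map(attrs => attrs.get('href') || '');
}

// Harden: rewrite only the offending tags, keeping any existing rel tokens.
function hardenLinks(html) {
  return html.replace(ANCHOR_OPEN, tag => {
    const attrs = parseAttrs(tag);
    if (!needsNoopener(attrs)) return tag;
    const rel = (attrs.get('rel') || '').split(/\s+/).filter(Boolean);
    attrs.set('rel', [...rel, 'noopener'].join(' '));
    const body = [...attrs].map(([k, v]) => `${k}="${v.replace(/"/g, '&quot;')}"`);
    return `<a ${body.join(' ')}>`;
  });
}

// Constructed sample input: a user-editable profile section.
const SAMPLE = [
  '<p>Profile links:',
  '<a href="https://user-site.example/" target="_blank">my site</a>',
  "<a target=_blank rel='nofollow' href='https://other.example/'>blog</a>",
  '<a href="https://safe.example/" target="_blank" rel="noopener">ok</a>',
  '<a href="/help" target="popup">named window</a>',
  '<a href="/about">same tab</a></p>',
].join('\n');
```

Run `findUnsafeLinks` over stored content to find existing offenders, and pass new submissions through `hardenLinks` before saving or rendering them.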
