Redirect while opening links in new tabs
Hyperlinks that open a new tab to a 3rd party site maybe opening themselves to a vulnerability if given anchor tag attributes are met. Tabs opened with a target="_blank" or a new window with window.open(); leave a call back to the tab/window that opened the link via window.opener
The options available to window.opener are limited, but it is possible to redirect them. With a script as so:
<script> window.opener.location.replace('http://www.evil.com/scam.php'); </script>
So when a user clicks back to the original window, they may have been redirected to a fake site that requires them to log in again.
This vulnerablity can be defeated by adding the attribute rel="noopener noreferrer" to new tab links, and setting new windows opener object to null via newWindow.opener = null;
How To Perform
- Check link creation (form fields, comments, article creation, etc) to see how new links are handled
- Create a test page of your own to link to, or use existing pages
- Observe redirect behavior of original window.