develop archivos de la lista de correo

[email protected]

Avatar

Vulnerability Report (1) Tabnabbing

por Bug Hunter <[email protected]> - 30/04/2022 18:09:40
Hi,

We have found your website vulnerable to this vulnerability.

Vulnerability Report 01: Tabnabbing

Severity: Critical

Description:

Tabnabbing is a computer exploit which persuades users to submit their login details and passwords.  The attack takes advantage of user trust and inattention to detail in regard to tabs, and the ability of browsers to navigate across a page's origin in inactive tabs a long time after the page is loaded.  This attack can be done even if JavaScript is disabled, using the "meta refresh" meta element, an HTML attribute used for page redirection that causes a reload of a specified new page after a given time interval.  The attack takes advantage of the trust of the victim and the ability of modern web pages to rewrite tabs and their contents for a long time after the page has been loaded.  

Issue lies Here :

<a class="mt32 mb16 visible-android" target="_blank" href="https://play.google.com/store/apps/details?id=com.odoo.mobile&amp;hl=en&amp;pcampaignid=MKT-Other-global-all-co-prtnr-py-PartBadge-Mar2515-1">
      <img style="width:164px" alt="Get it on Google Play" src="//odoocdn.com/openerp_website/static/src/img/store_badges/PlayStore_ENUS.png" loading="lazy">
    </a>

<a class="mt32 mb16 visible-ios" target="_blank" href="https://itunes.apple.com/us/app/odoo/id1272543640?mt=8">
      <img style="width:164px" alt="Download on the Apple Store" src="//odoocdn.com/openerp_website/static/src/img/store_badges/Apple_Store_Badge_ENUS.svg" loading="lazy">
    </a>

Proof of concept :

image.png

Impact:

The attack takes advantage of user trust and inattention to detail in regard to tabs, and the ability of browsers to navigate across a page's origin in inactive tabs a long time after the page is loaded.  

Exploit:

for more clarification of concept
here is an example:
what you are using now is seem similar like
<html>
<body>
<li><a href="bad.example.com" target="_blank">Vulnerable target using html link to open the new page</a></li>

</body>
</html>

A malicious site that is linked to your page may take advantage of this vulnerability
if they use

<html>
<body>
<script>
if (window.opener) {
window.opener.location = "https://phish.example.com";
}
</script>
</body>
</html>

so the impact is the link will open in a new tab but the parent tab(your web) will redirect to https://phish.example.com(or any link which is in place of https://phish.example.com

Mitigations: 

I can recommend you to add rel=" no referer, no opener" to avoid this issue.

So final tag for that particular anchor tag will be:

      <img style="width:164px" alt="Get it on Google Play" src="//odoocdn.com/openerp_website/static/src/img/store_badges/PlayStore_ENUS.png" loading="lazy">
    </a>

<a class="mt32 mb16 visible-ios"rel=" no referer, no opener" target="_blank" href="https://itunes.apple.com/us/app/odoo/id1272543640?mt=8">
      <img style="width:164px" alt="Download on the Apple Store" src="//odoocdn.com/openerp_website/static/src/img/store_badges/Apple_Store_Badge_ENUS.svg" loading="lazy">
    </a>

Please let me know if you need more information. Looking after your response.

Regards :
Asif.