Vulnerability Report (1) Tabnabbing
Hi,
We have found your website vulnerable to this vulnerability.
Vulnerability Report 01: Tabnabbing
Severity: Critical
Description:
Tabnabbing is a computer exploit which persuades users to submit their login details and passwords. The attack takes advantage of user trust and inattention to detail in regard to tabs, and the ability of browsers to navigate across a page's origin in inactive tabs a long time after the page is loaded. This attack can be done even if JavaScript is disabled, using the "meta refresh" meta element, an HTML attribute used for page redirection that causes a reload of a specified new page after a given time interval. The attack takes advantage of the trust of the victim and the ability of modern web pages to rewrite tabs and their contents for a long time after the page has been loaded.
Issue lies Here :
<a class="mt32 mb16 visible-android" target="_blank" href="https://play.google.com/store/apps/details?id=com.odoo.mobile&hl=en&pcampaignid=MKT-Other-global-all-co-prtnr-py-PartBadge-Mar2515-1">
<img style="width:164px" alt="Get it on Google Play" src="//odoocdn.com/openerp_website/static/src/img/store_badges/PlayStore_ENUS.png" loading="lazy">
</a>
<a class="mt32 mb16 visible-ios" target="_blank" href="https://itunes.apple.com/us/app/odoo/id1272543640?mt=8">
<img style="width:164px" alt="Download on the Apple Store" src="//odoocdn.com/openerp_website/static/src/img/store_badges/Apple_Store_Badge_ENUS.svg" loading="lazy">
</a>
Proof of concept :
Impact:
The attack takes advantage of user trust and inattention to detail in regard to tabs, and the ability of browsers to navigate across a page's origin in inactive tabs a long time after the page is loaded.
Exploit:
For more clarification of the concept, here is an example.
What you are using now seems similar to:
<html>
<body>
<li><a href="https://bad.example.com" target="_blank">Vulnerable target using html link to open the new page</a></li>
</body>
</html>
A malicious site that is linked to your page may take advantage of this vulnerability if they use:
<html>
<body>
<script>
if (window.opener) {
window.opener.location = "https://phish.example.com";
}
</script>
</body>
</html>
So the impact is that the link will open in a new tab, but the parent tab (your website) will redirect to https://phish.example.com (or any link which is in place of https://phish.example.com).
Mitigations:
I recommend that you add rel="noreferrer noopener" to avoid this issue.
So the final tag for that particular anchor tag will be:
<a class="mt32 mb16 visible-android" rel="noreferrer noopener" target="_blank" href="https://play.google.com/store/apps/details?id=com.odoo.mobile&hl=en&pcampaignid=MKT-Other-global-all-co-prtnr-py-PartBadge-Mar2515-1">
<img style="width:164px" alt="Get it on Google Play" src="//odoocdn.com/openerp_website/static/src/img/store_badges/PlayStore_ENUS.png" loading="lazy">
</a>
<a class="mt32 mb16 visible-ios" rel="noreferrer noopener" target="_blank" href="https://itunes.apple.com/us/app/odoo/id1272543640?mt=8">
<img style="width:164px" alt="Download on the Apple Store" src="//odoocdn.com/openerp_website/static/src/img/store_badges/Apple_Store_Badge_ENUS.svg" loading="lazy">
</a>
Please let me know if you need more information. Looking forward to your response.
Regards :
Asif.
by Bug Hunter <[email protected]> - 06:10 - 30 Apr. 2022
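
An added example, not part of the original message or of the project's code: a small audit that parses markup and lists every link with target="_blank" whose rel token list contains neither noopener nor noreferrer, which is the condition the report describes. The class and function names and the sample URLs are hypothetical, and the sample markup is constructed.

```python
from html.parser import HTMLParser

# Either token severs window.opener; noreferrer implies noopener in the HTML spec.
SAFE_TOKENS = {"noopener", "noreferrer"}
LINK_TAGS = {"a", "area", "form"}  # elements that accept a target attribute


class BlankTargetAudit(HTMLParser):
    """Collect links that open a new tab without a noopener/noreferrer token."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in LINK_TAGS:
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("target", "").strip().lower() != "_blank":
            return
        # rel is a whitespace-separated token list, compared case-insensitively.
        tokens = set(a.get("rel", "").lower().split())
        if not tokens & SAFE_TOKENS:
            line, _ = self.getpos()
            url = a.get("href") or a.get("action", "")
            self.findings.append((line, tag, url, a.get("rel", "")))


def audit(html):
    """Return (line, tag, url, rel) for each link missing the protection."""
    parser = BlankTargetAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample markup with hypothetical URLs.
SAMPLE = """<a target="_blank" href="https://store.example.com/app">no rel</a>
<a target="_blank" rel=" no referer, no opener" href="https://a.example.com/">misspelled</a>
<a target="_BLANK" rel="nofollow" href="https://b.example.com/">unrelated token</a>
<a target="_blank" rel="noreferrer noopener" href="https://c.example.com/">ok</a>
<a target="_blank" rel="NoOpener" href="https://d.example.com/">ok, mixed case</a>
<a href="https://e.example.com/">same tab</a>
"""

if __name__ == "__main__":
    for line, tag, url, rel in audit(SAMPLE):
        print(f"line {line}: <{tag}> {url} rel={rel!r} lacks noopener/noreferrer")
```

Current browsers already treat target="_blank" as noopener unless rel="opener" is set, so the explicit token mainly protects visitors on older browsers; a misspelled or comma-separated rel value is not recognized as either token.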