Tabnapping Vulnerability in Edge Browser [Unpatched]



Hello Friends,

Recently, I found a bug in Edge browser which allows hackers to perform TabNapping attack because the browser doesn't support rel="noopener" tag.

If you don't know about tabnabbing or tabnapping, then visit this
https://www.hackerinside.me/2018/09/what-is-tabnabbing-and-tabnapping.html 


PoC:

Open Edge browser and visit this post
[https://www.hackerinside.me/2019/01/tabnapping-vulnerability-in-edge.html]
Next, click on the link given below
[https://whitehatpentesting.000webhostapp.com/tabnabbing.html]
Your previous tab will be redirected to evil.com which proves the vulnerability.

You can also check this on Chrome and Firefox.


Prevention:
 
To prevent this, developer should use the complete tag ie rel="nofollow noopener noreferrer".




Hope Microsoft will fix this bug and other bugs in Future.

Comments

Popular posts from this blog

XSS in Zoho Mail

A Tricky Open Redirect

Email Spoofing for Beginners