Tabnapping Vulnerability in Edge Browser [Unpatched]



Hello Friends,

Recently, I found a bug in Edge browser which allows hackers to perform TabNapping attack because the browser doesn't support rel="noopener" tag.

If you don't know about tabnabbing or tabnapping, then visit this
https://www.hackerinside.me/2018/09/what-is-tabnabbing-and-tabnapping.html 


PoC:

Open Edge browser and visit this url https://whitehatpentesting.000webhostapp.com/tabnabbing.html



Prevention:
 
To prevent this, developer should use the complete tag ie rel="nofollow noopener noreferrer".




Hope Microsoft will fix this bug and other bugs in Future.

Comments

Popular posts from this blog

A Tricky Open Redirect

DoS on WAF Protected Sites by Abusing Cookie

Email Spoofing for Beginners